Separating privileged functions from non-privileged functions in a server instance

ABSTRACT

A server instance includes a first region to perform one or more privileged functions and a second region to perform one or more non-privileged functions. Thus, the privileged functions are separate from the non-privileged functions. The first region includes at least a portion of an object request broker, which is used in communicating with one or more clients coupled to the server instance. The second region executes non-privileged application code, and can be replicated within the server instance based on workload management criteria.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application contains subject matter which is related to the subjectmatter of the following applications, each of which is assigned to thesame assignee as this application and filed on the same day as thisapplication. Each of the below listed applications is herebyincorporated herein by reference in its entirety:

“ACCESSING LOCAL OBJECTS USING LOCAL ACCESS PROXIES,” by Frey et al.,Ser. No. 09/332,818;

“EMPLOYING MANAGEMENT POLICIES TO MANAGE INSTANCES OF OBJECTS,” by Freyet al., Ser. No. 09/332,303;

“DELEGATING INSTANCE MANAGEMENT FUNCTIONS TO UNDERLYING RESOURCEMANAGERS,” by Frey et al., Ser. No. 09/332,706;

“PROVIDING COMPOSED CONTAINERS AND DATA OBJECTS TO SUPPORT MULTIPLERESOURCES,” by Frey et al., Ser. No. 09/332,703;

“FACILITATING WORKLOAD MANAGEMENT BY USING A LOCATION FORWARDINGCAPABILITY,” by Frey et al., Ser. No. 09/332,302;

“ENSURING A GIVEN TRANSACTIONAL UNIT OF WORK ARRIVES AT AN APPROPRIATESERVER INSTANCE,” by Clark et al., Ser. No. 09/330,796;

“PERFORMING NAME RESOLUTION OF COMPOUND NAMES WITHIN A SINGLE CALL TO ARESOLVE METHOD,” by Frey et al., Ser. No. 09/332,305;

“FEDERATION OF NAMING CONTEXTS ACROSS MULTIPLE AND/OR DIVERSE UNDERLYINGDIRECTORY TECHNOLOGIES,” by Frey et al., Ser. No. 09/332,301;

“MAPPING OF NAME SPACE OBJECT IDENTITIES TO DISTINGUISHED NAMES,” byFrey et al., Ser. No. 09/332,704;

“A TRANSACTIONAL NAME SERVICE,” by Frey et al., Ser. No. 09/333,058);and

“REGISTRATION OF OBJECT FACTORIES UNDER MULTIPLE INTERFACE NAMES,” byFrey et al., Ser. No. 09/332,462.

TECHNICAL FIELD

This invention-relates, in general, to object-oriented computingenvironments and, in particular, to providing a distributed,object-oriented computing environment that is reliable, secure,transactional and workload managed.

BACKGROUND ART

Object-oriented technology continues to be an

increasingly-important tool for use in building portable applicationcode that can be readily used and reused. A basic premise ofobject-oriented technology is the use of objects. An object is arun-time entity with a specific set of instance methods and variablesassociated therewith.

In an effort to enhance the usability, portability, reliability andinteroperability of objects, certain standards have been created. Onegroup responsible for such standardization is referred to as the ObjectManagement Group (OMG), which is a consortium of different corporations,businesses and users interested in promoting object-oriented technology.

The Object Management Group has taken great steps in its standardizationefforts. For example, the OMG is responsible for the creation of anobject request broker (ORB), which is used to provide communicationsbetween clients and servers of a computing environment. The ORB is basedupon an architecture touted by OMG and referred to as the Common ObjectRequest Broker Architecture (CORBA).

One goal of the OMG is to provide distributed object-orientedapplications and systems that coincide with the needs and desires of theever-changing computing industry. This goal includes supportingmulti-vendor, global heterogeneous networks.

Although efforts have been made to meet the goals of the ObjectManagement Group, and of the object-oriented industry as a whole,further enhancements are still needed. For example, a need exists for adistributed object-oriented computing environment that is reliable,secure, transactional and workload managed.

SUMMARY OF THE INVENTION

The shortcomings of the prior art are overcome and additional advantagesare provided through the provision of a method of constructing a serverinstance of a computing environment. The method includes, for example,providing a first region of the server instance, the first region beingused to perform one or more privileged functions, and wherein the serverinstance supports object-oriented technology; and providing a secondregion of the server instance, the second region being used to performone or more non-privileged functions, wherein the privileged functionsand the non-privileged functions are separate.

In one example, the first region includes at least a portion of anobject request broker. The portion is usable in communicating with oneor more clients coupled to the server instance. In a further example,the second region includes at least another portion of the objectrequest broker. The at least another portion performs differentcapabilities then the first portion.

In another example, a plurality of second regions is provided. Further,workload among the plurality of second regions is balanced using aworkload manager coupled to one or more of the plurality of secondregions.

In a further example, the first region is located within a separateaddress space then the second region.

In another aspect of the present invention, a server instance of acomputing environment is provided. The server instance includes, forexample, a first region being used to perform one or more privilegedfunctions, and wherein the server instance supports object-orientedtechnology, and a second region being used to perform one or morenon-privileged functions, wherein the privileged functions and thenon-privileged functions are separate.

In yet another aspect of the present invention, a system of constructinga server instance of a computing environment is provided. The systemincludes, for example, means for providing a first region of the serverinstance, the first region being used to perform one or more privilegedfunctions and wherein the server instance supports object-orientedtechnology; and means for providing a second region is of the serverinstance, the second region being used to perform one or morenon-privileged functions. The privileged functions and non-privilegedfunctions are separate.

In a further aspect of the present invention, an article of manufactureincluding at least one computer usable medium having computer readableprogram code means embodied therein for causing the constructing of aserver instance of a computing environment is provided. The computerreadable program code means in the article of manufacture includes, forinstance, computer readable program code means for causing a computer toprovide a first region of the server instance; and computer readableprogram code means for causing a computer to provide a second region ofthe server instance. The first region is used to perform one or moreprivileged functions, and the second region is used to perform one ormore non-privileged functions. The privileged functions and thenon-privileged functions are separate.

The present invention advantageously provides integrity, applicationisolation, enhanced transaction recovery time and effective workloadmanagement.

Additional features and advantages are realized through the techniquesof the present invention. Other embodiments and aspects of the inventionare described in detail herein and are considered a part of the claimedinvention.

BRIEF DESCRIPTION OF THE DRAWINGS

The subject matter which is regarded as the invention is particularlypointed out and distinctly claimed in the claims at the conclusion ofthe specification. The foregoing and other objects, features, andadvantages of the invention are apparent from the following detaileddescription taken in conjunction with the accompanying drawings inwhich:

FIG. 1 depicts one example of a computing environment incorporating andusing the capabilities of the present invention;

FIG. 2 depicts one example of a managed object, in accordance with theprinciples of the present invention;

FIG. 3 illustrates one example of an interoperable object reference usedin accordance with the principles of the present invention;

FIG. 4 depicts one example of a local access proxy located within aserver instance, in accordance with the principles of the presentinvention;

FIGS. 5-6 depict one embodiment of the logic associated with building alocal access proxy for a target object, in accordance with theprinciples of the present invention;

FIG. 7 depicts one example of a policy set associated with a containerof a particular server instance, in accordance with the principles ofthe present invention;

FIGS. 8a-8 b depict one embodiment of the logic associated withactivating a managed object, in accordance with the principles of thepresent invention;

FIG. 9 depicts one example of an object transaction service and resourcerecovery service coupled to a server instance, in accordance with theprinciples of the present invention;

FIG. 10 depicts one example of a container managing an object, inaccordance with the principles of the present invention;

FIG. 11 depicts one example of a connection object associated with acontainer and used in accordance with the principles of the presentinvention;

FIG. 12a depicts another example of components of a server instance, inaccordance with the principles of the present invention;

FIG. 12b depicts one example of composed containers and composed dataobjects used in accordance with the principles of the present invention;

FIG. 13a depicts one example of a multisystem environment, which usesthe capabilities of the present invention;

FIG. 13b depicts the multisystem environment of FIG. 13a with theaddition of location service agents, which are used in accordance withthe principles of the present invention;

FIG. 14 depicts one embodiment of the logic associated with selecting anappropriate server instance to perform a particular task, in accordancewith the principles of the present invention;

FIG. 15 depicts one embodiment of the logic associated with ensuringthat a given unit of work arrives at an appropriate server instance, inaccordance with the principles of the present invention;

FIG. 16a depicts one example of a distributed name space, in accordancewith the principles of the present invention;

FIG. 16b depicts one example of a non-distributed name space, inaccordance with the principles of the present invention;

FIG. 17 depicts one embodiment of a hierarchy of naming contexts withina name space, in accordance with the principles of the presentinvention;

FIG. 18 illustrates one example of the inheritance and delegationrelationships associated with the components of a managed object, inaccordance with the principles of the present invention;

FIG. 19 depicts one example of a schematic illustration of differentnaming contexts being backed by different resources managers, inaccordance with the principles of the present invention;

FIG. 20 depicts one embodiment of the logic associated with handlingdisjunct bindings, in accordance with the principles of the presentinvention;

FIG. 21 depicts one embodiment of the logic associated with mapping aCORBA name to an object's identity, in accordance with the principles ofthe present invention;

FIG. 22 depicts one embodiment of the logic associated with creating aprimary key for new objects, in accordance with the principles of thepresent invention;

FIG. 23 depicts one embodiment of a transactional name server, inaccordance with the principles of the present invention;

FIG. 24 depicts one embodiment of the logic associated with creating anobject for a transactional name server, in accordance with theprinciples of the present invention;

FIG. 25 depicts one embodiment of the logic associated with updating anobject of a transactional name server, in accordance with the principlesof the present invention;

FIG. 26 depicts one embodiment of the logic associated with deleting anobject of a transactional name server, in accordance with the principlesof the present invention;

FIG. 27 depicts one embodiment of transactional context flows, inaccordance with the principles of the present invention;

FIG. 28 depicts one embodiment of a name space, which includes a lifecycle repository used in accordance with the principles of the presentinvention;

FIG. 29 depicts one example of inheritance relationships among variousinterfaces, in accordance with the principles of the present invention;

FIG. 30 depicts one embodiment of the logic associated with registeringmultiple interfaces for a particular implementation, in accordance withthe principles of the present invention; and

FIG. 31 depicts one embodiment of a server instance, which includes aserver control region and one or more server regions, in accordance withthe principles of the present invention.

BEST MODE FOR CARRYING OUT THE INVENTION

In accordance with the principles of the present invention, aninfrastructure is provided that supports an object-oriented,component-based programming model and provides for a computingenvironment that is distributed, reliable, secure, transactional, andworkload managed.

One embodiment of a computing environment incorporating and using thecapabilities of the present invention is depicted in FIG. 1. Computingenvironment 100 includes, for instance, one or more server systems 102coupled to one or more client systems 104. In the example describedherein, server system 102 and client system 104 are based on theEnterprise Systems Architecture (ESA)/390, offered by InternationalBusiness Machines Corporation (Armonk, N.Y.), and described in“Enterprise Systems Architecture/390 Principles of Operation”, IBMPublication No. SA22-7201-05, Sixth Edition (Sept. 1998), which ishereby incorporated herein by reference in its entirety. In otherexamples, however, one or more of the server systems and/or the clientsystems may be based on other architectures, including, but not limitedto, a UNIX architecture. Further, a server system of one architecturemay be coupled to a server system and/or a client system of anotherarchitecture.

In addition to the above, in one embodiment, at least one server system102, as well as one or more of the client systems, supportobject-oriented programming and object-oriented concepts.Object-oriented programming and concepts are described, for example, inCORBA A Guide To Common Obiect Request Broker Architecture, by RonBen-Natan, McGraw-Hill Publishers (1995), and Obiect-OrientedProgramming Using SOM and DSOM, by Christina Lau, van Nostrand ReinholdPublishers (1994), both of which are hereby incorporated herein byreference in their entirety. CORBA is further described in “CORBA2.2/IIOP Specification,” available at WWW.OMG.ORG/library/C2INDX.HTML,which is hereby incorporated herein by reference in its entirety.

Server system 102 includes, for instance, component broker runtimeservices 106, which provide the infrastructure and capabilities forvarious aspects of the present invention. In one example, componentbroker runtime services 106 include, for instance, systems managementservices, managed object framework interfaces, naming services, LifeCycle services, transactional services, interface repository services,and location service agent services. These services, as well as others,are used to implement aspects of the present invention, as describedbelow. Component broker runtime services may be included in, forinstance, a component broker product. The component broker product mayalso include and/or implement various aspects of the present invention.One embodiment of various features of a component broker is described in“Component Broker Programming Reference Release 2.0,” IBM PublicationNo. SC09-2810-04 (Dec. 1998); “Component Broker Programming GuideRelease 2.0,” IBM Publication No. GO4L-2376-04 (Dec. 1998); and“Component Broker Advanced Programming Guide Release 2.0,” IBMPublication No. SC09-2708-03 (Dec. 1998), each of which is herebyincorporated herein by reference in its entirety. Component brokerand/or component broker runtime services may be sold separately orpackaged with an operating system.

Server system 102 also includes one or more resource managers 108, whichown and control a set of resources within the computing environment; andat least one operating system 110, which controls the operation of theserver system.

One example of a resource manager is a database management facility,such as DB2, offered by International Business Machines Corporation(Armonk, N.Y.). DB2 is described in “OS/390 Version 5 Release Guide,”IBM Publication No. SC26-8965-01 (June 1997), which is herebyincorporated herein by reference in its entirety. Data managed by DB2may be stored on external storage 112 (e.g., direct access storagedevices (DASD)) coupled to server system 102.

One example of operating system 110 is the OS/390 or Multiple VirtualStorage (MVS) operating system offered by International BusinessMachines Corporation (Armonk, N.Y.). OS/390 is described in “MVSProgramming: Assembler Services Guide,” IBM Publication No.GC28-1762-01, Second Edition (September 1996), and “MVS Programming:Assembler Services Reference,” IBM Publication No. GC28-1910-01, SecondEdition (September 1996), each of which is hereby incorporated herein byreference in its entirety.

In accordance with one aspect of the present invention, operating system110 includes at least one instance of a server 114, which is, forexample, a software process defined within server system 102. Eachserver instance is in one or more address spaces and is defined using,for example, one or more graphical user interfaces (GUI) provided bycomponent broker runtime services 106. The graphical user interface(s)provides options, which enable the server instance to be named and to beassociated with certain characteristics (e.g., is the server instance tobe secure, workload managed, etc.). The information presented on the GUIis stored in a database, such as a DB2 database. Subsequent to definingthe server, the server is created by using, for instance, an addressspace create, which pulls the requisite information from the DB2database.

Server instance 114 includes various components such as, for example,one or more objects 116, one or more containers 118, and at least oneobject request broker (ORB) 120. Each of the components of serverinstance 114 is described in further detail below.

Object 116 is a run-time entity (e.g., application code) with a specificset of instance methods (i.e., functions to be performed on the object)and instance variables (used to store data specific to the object)associated therewith.

One example of an object is a managed object 200 (FIG. 2), whichincludes various components, such as a business object 202, a dataobject 204 and a key object 206. Managed object 200 is created via amanaged object framework, which includes a set of interfaces that isinherited. Pieces of the managed object framework are inherited by thebusiness object, when it is created, which enables the business objectto reside in server instance 114. As one example, business object 202inherits an interface from the managed object framework called “managedobject with data object.” This provides data object 204.

Data object 204 is a helper object to the business object. It is notexposed to the user of the business object. Included within the dataobject is the means to reference the data (e.g., SQL for DB2 data). Thatis the data object includes a schema map. It is the object responsiblefor going to the database, retrieving the requested information, andpassing the information on to the business object.

A set of methods is introduced on the “managed object with data object”interface, which includes, for instance, an initForReactivation method,a initForCreation method, an uninitForPassivation method and anuninitForDestruction method. These methods are driven on the businessobject after or before the container performs a function. It is thecontainer that manages the object in virtual memory. These methods areused to tell the business object what the container has done and to givethe business object a chance to do processing as a result of thecontainer managed event.

In particular, the initForReactivation and initForCreation methods areused to bring a virtual memory image of a managed object into memory andto initialize it, as described further below. The uninitForPassivationmethod is used to remove the image of a managed object from virtualmemory; and the uninitForDestruction method is used to delete a managedobject from the backing store (e.g., the DB2 database), also describedfurther below.

The implementer of the business object is responsible for implementingthe above-described methods. For example, assume an applicationdeveloper wishes to build an implementation of a business object of TypeA. The application developer uses an interface for Type A that inheritsthe “managed object with data object” interface. That interface providesthe inheritance for the four methods, for which the applicationdeveloper has provided implementations.

The application developer also provides an implementation for key object206, which is associated with the business object. The key objectincludes a key value used to identify the managed object from othermanaged objects within a home collection.

In one embodiment, all of the provided implementations are compiled,linked and packaged into a dynamic linked library (DLL). The DLL issupported by an object referred to as a home collection object built bya systems management application.

In particular, each managed object lives in a home, which is identifiedby a name and has a defined set of properties associated therewith. Therelationship between the home and information in the DLL is representedby a set of systems management metadata in the form of data definitionlanguage (DDL). The DDL includes, for instance, the name of the home,the properties of the home, and the name of the container (describedbelow) that is going to support the DLL. Additionally, the DDL includesthe name of the business object class, the name of the data objectclass, and the name of the primary key class. The DDL package isimported into a systems management application. The systems managementapplication ensures that the named container exists (i.e., there is asystems management definition) and then builds the home collectionobject to support the DLL. The home inherits from the container that itis attached to, so there is a merge of the home and the container. Thus,there is a merge of the metadata.

Returning to FIG. 1, server instance 114 also includes one or morecontainers 118. A list of the containers associated with the serverinstance is built and stored in, for instance, a DB2 database duringcreation of the server instance. In one example, each server instancehas a root container that is bootstrapped to the server instance andmanages any other containers associated therewith. Similar to the serverinstance itself, each container is defined using, for example, one ormore graphical user interfaces provided by component broker runtimeservices 106. Using the GUI, the container is named and any policiesassociated therewith (as described below) are defined. Once again, thedefinition is stored in DB2. Additionally, the relationship between theserver instance and the container is stored in DB2.

Each container is used to locate one or more managed or business objects(referred to herein simply as objects) that are associated with thecontainer. That is, the container is considered a home to the one ormore objects. The container is able to locate an object using the objectkey provided to the container by, for instance, object request broker120. If the object is not in virtual memory, the container brings theobject into virtual memory from storage (e.g., a database) andmaterializes the object. The container then passes the virtual addressof the object to object request broker 120, since it was the objectrequest broker that passed the object key to the container. When the ORBreceives the address, it can then dispatch methods onto that object.

Object request broker 120 is responsible for managing communicationsbetween a server instance and a remote client. In particular, the ORBreceives requests from a remote client, determines the object that isbeing requested and drives the requested method on that particularobject. In order to locate the object, the object request broker passesthe object key to the container, which then locates the object for theobject request broker.

A remote client is located, for instance, in client system 104, whichincludes one or more clients or client instances 128 managed by at leastone operating system 130. Operating system 130 is, for example, theOS/390 operating system offered by International Business MachinesCorporation. In other examples, operating system 130 is Windows NT, AIXor any other operating system that can be employed with the presentinvention.

A client includes, for example, one or more applications 132, one ormore remote access proxy objects 134 and a client object request broker136.

Application 132 initializes requests to objects located within a serverinstance 114 of server system 102. Each request includes aninteroperable object reference 300 (FIG. 3), which provides the identityof the object and the identity of the server instance in which theobject resides. In particular, interoperable object reference 300includes, for instance, a header 302 providing information regarding theobject, including its type; network addressing information 304 providinglocation information for the server instance housing the object; and anobject key providing the identifier (i.e., key) of the object.

When an application issues a request, the request is intercepted byremote access proxy object 134, which is coupled to the application andto ORB 136. The remote access proxy object gives the client applicationthe illusion that the client application is driving a method on a localobject instead of a remote object. The remote access proxy object passesthe request to ORB 136, which forwards the request to ORB 120 of a givenserver instance via, for instance, a TCP/IP connection 138. ORB 136knows which server instance to send the request to, since the serverinstance is identified in network addressing information 304 locatedwithin the interoperable object reference, which is passed with therequest.

The interoperable object reference is provided to the client as a resultof a response to a request by the client or as some inbound parameter.For example, the interoperable object reference may be provided to theclient by a naming service, as described further below. When theinteroperable object reference is imported into the client-side ORB, theclient-side ORB recognizes it as an object reference and interrogates itto determine what should be done with the reference. Since it is anobject reference, ORB 136 builds a remote access proxy object,associates the addressing information with the proxy and hands thevirtual address of the remote access proxy object to the applicationthat wants to use it. Thus, when the application drives the object, ittalks to the proxy, which proceeds to the client-side ORB. Theclient-side ORB then uses the network addressing information stored inthe IOR of the proxy object to locate the server instance, and to passto the server instance the object key as opaque data. Thus, the proxyobject, which resides in a client, represents a network-wide referenceto the target object, which resides in a remote server instance.

As described above, the remote access proxy object is used to drive theclient-side object request broker in order to deliver method requests tothe target object, which resides physically in another address spacesomewhere in the network. Because the client application does not use anactual virtual memory address of the target server object, the lifecycle of the physical object resident in the server instance can beindependent of the number of outstanding client references to theobject.

However, in the case where the client (i.e., the requester) of thetarget object resides physically in the same address space as the targetobject itself, it is common practice to represent the reference to thetarget object with a virtual memory pointer, since there is norequirement for an object request broker interaction. ORBs areconventionally used only to provide communication across differentapplication processes (i.e., across different address spaces), not tofacilitate communication within the same application server process(i.e., the same address space). Therefore, for the local access case,the life cycle of the target object is tightly bound with the trackingof the outstanding local references to the object.

There are a number of problems associated with binding the life cycle ofthe target object with the outstanding local references. First, theprinciple of local/remote transparency is broken, since the localreferences to an object behave differently than the remote references.Second, the approach constrains the management of the virtual memoryresident copy of the target object and makes memory residency dependenton the number of outstanding local references. Third, since physicalcopies of the target object are tied directly with a virtual addresspointer in the client application, certain instance management policieswhich determine such things as activation, and isolation level atvarious execution contextual boundaries cannot be implemented, sincethere can be no assurance that reference to the object will not be usedby multiple units of work running in difference execution contexts. Inother words, separate cached copies of the target object cannot beprovided by the instance management component (e.g., container) of theserver instance (described below), since shared use of the referenceresults in shared use of a single cached copy of the object.

Based on the foregoing, a need exists for the decoupling of the localobject references from the management of virtual memory copies of thetarget object within the instance management container. Further, a needexists for allowing objects to be independent of (e.g., not bound) toany address pointers owned by the client application (i.e., therequester). Thus, in accordance with one aspect of the presentinvention, a local proxy is added to a server instance, so that anyaccess to the target object whether remote or local within an addressspace is managed through a proxy.

The addition of a local proxy on a server instance for local access isdepicted in FIG. 4. A local access proxy 400 enables one object 402(e.g., a managed object or a business object) or the ORB in a serverinstance 114 to drive another object 404 (e.g., a managed object or abusiness object) in the server instance in a manner similar to anapplication in client 128 driving an object in server instance 114.Advantageously, this provides for local/remote transparency in that anobject can be driven in the same manner regardless of whether the accessis local or remote.

One example of the logic associated with building a local proxy isdescribed with reference to FIGS. 5-6. Initially, a requester, such asthe ORB, that wishes to obtain a pointer to a managed object (e.g.,Object B) from an object reference, passes an object reference to theroot container and requests a managed object pointer, STEP 500 (FIG. 5).Specifically, in one embodiment, the entire object key value is passedto the root container. The object key value is the hierarchical name keypath of the target managed object. For instance, an object key valuemight be “root/container1/123456”, where “root” is the key of the rootcontainer, “container1” is the key of the container holding the managedobject, and “123456” is the key of the managed object within thecontainer.

The root container strips off its part of the key, and passes the restof the key to the next container, e.g., container1, STEP 502. Container1then strips off its part of the key, STEP 504.

As part of the local proxy support, container1 then builds a localaccess proxy, STEP 506, and returns the address of the local accessproxy back to the requester, STEP 508.

In one example, in order to build the local access proxy, the container(e.g., container1) first determines through its configured metadata thetype of object being managed (e.g., Type B), STEP 600 (FIG. 6). Thecontainer goes to a class manager 406 (e.g., a table that represents alist of interface names) to retrieve any necessary information. Forexample, the container retrieves an entry for a local proxy factory,loaded by the DLL, to produce local proxies of Type B, STEP 602. Thecontainer drives a request to that proxy factory and obtains an instanceof Local Proxy B, STEP 604. Local Proxy B is created and the address ofthe proxy is passed back to the calling object (e.g., the ORB). (Inanother example, a proxy for an object, such as Object A, did the actualcalling and thus, the address of Proxy B is passed to the proxy forObject A, which then passes it to Object A).

When the requester receives the address of the local access proxy, therequester then issues another request, which now goes to the localaccess proxy, which communicates with the target object. In particular,in one embodiment, the local access proxy object consults with thecontainer (e.g., container1) to obtain the actual virtual memory addressof the target managed object. To obtain this address, the local accessproxy passes the target object's primary key to the container.

Described in detail above is the use of local access proxies to accessobjects, including those resident in the same address space as therequester of the objects. In one aspect, when using local accessproxies, it is generally the case that use of an object reference is toinclude the appropriate use of the “dupe” and “release” CORBA methods.In fact, in one embodiment, the use of “t-var” is recommended as a meansto hold references to CORBA objects. This recommendation applies whetheraccess to the managed object is local or across an ORB boundary. The VARcauses the release of the proxy, when it goes out of scope within a C++program.

The approach described herein allows the local access proxy todynamically switch to the appropriate target object, while allowing thecontainer to manage its activated objects in accordance with itsdesignated policies. In particular, the local access proxy is capable ofproceeding to its container to find out what object it is to drive,which is based on the underlying context in which it is being driven (inreal-time). This allows the container to manage the objects inaccordance with its policies. In one example, the container isconsulted, both before and after, each method dispatch of a managedobject. This consultation occurs from the local proxy. The containerensures no change to the disposition of the activated managed objectoccurs between the “before” and “after” calls from the local proxy.

Those policies govern not only the life cycle of the in-storage copy ofthe object, but also the physical isolation levels implemented bymanaging multiple copies of the target object, each associated with aspecific execution context, such as a transaction or a session. Bymaking memory residency of the target object independent of the numberof outstanding local references to the object, the container is able topage-out objects to more effectively manage server instance virtualmemory, while at the same time provide the trigger mechanism to causethe page-in of the object, if the object is referenced by the clientapplication.

In accordance with one aspect of the present invention, a set ofmanagement policies, selectable by the customer at object installationtime is provided (e.g., when the container is defined). These policiesgovern the management of state coherency, isolation level and residencelifetimes of both transient and persistent objects in the virtual memoryof a distributed object server, such as server instance 114 (see FIG.7). The policies 700 are managed by one or more containers 118 andinclude, for instance, an activation isolation policy, a passivationpolicy, a flush policy and a refresh policy, each of which is describedbelow.

Activation is the process by which a virtual memory image of a managedobject (or a business object) is brought into memory and initializedvia, for example, an initForReactivation method or initForCreationmethod. Activation is an implied action taken when creating a managedobject with a managed object factory. The process of activation isarchitecturally independent of transaction management, sessionmanagement, locking etc. Activation is the instantiation of an objectimage in virtual memory and the attachment of the object to either anORB or a local access proxy, so that the object is physically ready forclient driven methods.

For example, assume there is an object referred to as an employeeobject, Employee 1, and a method referred to as Increase Salary is to bedriven on that object. Also, assume that the state of the object ispersistent and lives in a database coupled to the server environment.The object has a unique identity, such as an employee serial number,which represents the primary key of the object. In particular, theprimary key is part of the object key, and the object key includes a setof information that represents a hierarchical path from the rootcontainer in a given server instance down through the container thatmanages the particular object, e.g., the employee object. As an example,the object key for the employee object symbolically looks like thefollowing: Root container/employee home primary key value/employeemanaged object primary key value.

The object key is used to activate the object, as described in thefollowing example with reference to FIGS. 8a-8 b. Initially, a clientpackages up a request, STEP 800. The request includes, for example, thefollowing information: the name of the method, e.g., Increase Salary;parameters for the method; and an object key which was obtained from theinteroperable object reference. The request is forwarded to a remoteaccess proxy object (assuming the client is in a different address spacethan the target object), which removes the object key from the requestand passes the object key and data to the server instance via an ORB,STEP 802. The ORB of the server instance receives the object key and thedata.

The server ORB then demarshalls the key in order to find the objectinside the server instance that the method is to be dispatched thereon.In particular, the ORB takes the object key and proceeds to the rootcontainer (the ORB knows where the root container is, since it ishardwired into the server instance) and drives a method called KeyToObjon the container, STEP 804. The ORB does this in order to locate anactual object to dispatch onto. Specifically, the ORB is looking for avirtual memory address of a real instance of an object and it iscounting on the container to hand the address back to the ORB. Theaddress that will be passed back to the ORB is, however, in accordancewith one aspect of the present invention, a pointer to a local accessproxy, instead of the actual object.

Continuing with FIG. 8a, when the root container receives the objectkey, it strips off the object key of the object that is to be located,STEP 806. In this example, the employee home container primary key valueis stripped off and the root container determines whether that employeehome container is active, INQUIRY 808. In one example, the rootcontainer determines whether the container is active by taking the keyvalue and searching a hash table for that value. If the value exists inthe hash table, then the container is active.

Should the container be inactive, then it is activated, STEP 810. In oneexample, activation of the container is the same process as activating amanaged object. The process is recursive and can occur at any level inthe container tree.

If the home container is active or after it has been activated, then afurther determination is made as to whether the container is within thescope of the policy associated therewith, INQUIRY 812. Again, in oneexample, this is accomplished by using policy information stored in thehash tables. Should the container not be within the scope of the policy,then an exception is provided, STEP 814.

However, if the container is within the scope of its policies, then adetermination is made as to whether another container is to be located,INQUIRY 816. In particular, a decision is made as to whether thecontainer for the particular key value is the currently processedcontainer. If not, then the procedure recurses down another layer. Inparticular, the rest of the object key is forwarded to the container,and the KeyToObj method is driven, once again, STEP 804.

Returning to INQUIRY 816, once the appropriate container to manage theemployee object in this case, is obtained, the container builds a localaccess proxy for this class of object, STEP 818. The container knows theclass of object by the information stored in the DB2 table associatedtherewith. That is, the container is aware of the managed object classname, the business object class name, the policies and a local accessproxy class. Thus, the container brings up a local proxy for thespecific employee identified by the primary key.

Subsequently, the container passes a pointer to the local access proxyback to its caller which is the root container, in this one example,STEP 820. Once the caller receives the pointer to the local proxy, itcan then dispatch the managed object through the local proxy, asdescribed with reference to FIG. 8b.

Initially, the requester drives the method represented on the localproxy, STEP 822 (FIG. 8b). Then, the local proxy consults the object'scontainer to obtain the address of the managed object, STEP 824.

Subsequently, the container enforces its dispatching policy and selectsa virtual memory copy of the object to be dispatched, STEP 826. Thisselection is based upon activation isolation level etc., and may resultin the activation of the object. In one example, the policies are cachedwithin the container, when the container is activated. The activationisolation policy includes, for instance, three levels: transactionlevel, session level and container level.

At the transaction level, a specific virtual memory image of the managedobject is activated for each transaction accessing the object. Anythread of execution running in the server instance within thetransaction may share the same activated managed object. This includesmultiple threads, as well as different threads running on thetransaction either as a result of an object request broker managedcontext switch or a resume operation, which made a given transactionactive on the thread. However, any thread running outside of thetransaction does not share the same virtual memory copy of the managedobject.

At the session level, a specific virtual memory image of the managedobject is activated for each session accessing the object. Any thread ofexecution running within the server instance within the session,including those running in different sessions, may share the samevirtual memory copy of the object. However, any thread running outsideof the session does not share the same virtual memory copy of themanaged object.

At the container level, only one virtual memory copy of the managedobject is activated at any one time within the container within theserver instance. Any session and transaction running within thecontainer may share the same virtual memory copy of the managed object.

Assume, for example, that the policy is to activate an object pertransaction. The container realizes that it is isolated at transaction,so the container determines which transaction it is running under. Thisis accomplished by consulting the transactional context hanging off ofthe execution thread associated with the request. If, for instance, itis determined that the transactional context is Transaction 7, then thecontainer references the hash table (e.g., DB2 table) and uses theprimary key value of the object, along with the information ofTransaction 7, to determine if the object is activated in memory. Ifthere is no object having that primary key value for Transaction 7, thenthe object is created.

In particular, the object can be created from scratch or the containercan have pools of objects (e.g., hot cached shells of the objects) usedto obtain an instance of the managed object. As one example, an instanceof the managed object, the data object and the primary key object isobtained.

After obtaining the instances, the container takes the primary key valueand passes that value to the primary key object. That is, the primarykey object is constructed by handing it its state. The primary keyobject initializes itself using a FromString method. The primary keyobject is then handed to the data object with a call“InternalizeFromPrimaryKey”. The data object retrieves whateverinformation it needs to identify this object. For example, the dataobject retrieves the primary key value so that it can go to a DB2database with an SQL select.

Thereafter, the container drives a method on the data object called aRetrieveFromDataStore method. The data object takes the primary keyvalue, plugs it into a select statement (e.g., SQL) because it is aretrieve method and goes out to the database, fetches the appropriaterow, brings the data in, and places it in the data object. Once this isaccomplished, the data object validates that the object actually exists.Thus, the data object takes the primary key and goes to the database andhands back to the container some indication that the object is outthere.

Next, the container drives the initForReactivation method on thebusiness object handing the business object the data object. Thebusiness object saves the latest data object and at that time canperform whatever function is necessary to initialize itself. Thebusiness object then returns to the container and the container passesback to the local access proxy the actual address of this activatedobject.

After the container selects the virtual memory copy of the object, thelocal proxy delegates the method request to the actual managed object,whose address was obtained from the container, STEP 828. The managedobject performs its business function and returns to the local proxy,STEP 830.

Thereafter, the local proxy consults with the container again to allowthe container to do any cleanup after the method execution, STEP 832.Further, the local proxy returns to the requester, STEP 834.

In addition to the above, during object activation, the container alsoregisters itself with an object transaction service (OTS) 900 (see FIG.9) as an OTS synchronization object. (OMG OTS is described in CORBAservices specification available on the OMG web page (WWW.OMG.ORG) undertechnical library, and is hereby incorporated herein by reference in itsentirety.) That is, the container places various information in a tableassociated with OTS. As shown in FIG. 9, OTS is coupled to a resourcerecovery service (RRS) 902 located within the operating system. Sincethe container is a synchronization object, it implements a “beforecompletion” method and “after completion” method. Thus, as one example,when a transaction is ready to be committed, OTS uses the sync object toinform its objects that a commit is about to happen (“beforecompletion”) and that it has happened (“after completion”).

Additionally, OTS passes the commit to RRS 902, which is responsible fordriving the commit to any resource managers coupled to the serverinstance. It is the resource manager(s) that is ultimately responsiblefor performing the commit. When the commit is done, RRS returns to OTSand indicates completion.

In one embodiment, as part of a transactional commit, the objects arepassivated. Passivation is the opposite of activation. Passivation isthe ability to push the data back out to the database and to eliminatethe virtual memory copy of the data. In particular, the beforecompletion method on the synchronization object causes data to be pushedto the database. This enables updates to be made, prior to RRS informingthe resource manager to start the 2-phase commit process.

Passivation is the act of removing an image of a managed object fromvirtual memory within a server instance, so as to detach it from theobject request broker or the local access proxy. The use of a localaccess proxy gives the container the ability to passivate the objectbased on the appropriate policy, instead of having to keep track of thevarious pointers to the object. When a container decides to passivate anobject, the container pushes the object's data back to the resourcemanager, such as DB2. The managed object is notified of passivation viaan uninitForPassivation method or an uninitForDeletion method. Deletionof a managed object implies the act of passivation before the object isformally deleted. Passivation may be triggered at different times andfor different reasons not relevant to the act of passivation itself. Inthe case of transient objects with no backing resource manager otherthan the container itself, passivation implies deletion of the managedobject.

A management policy associated with passivation is referred to as apassivation policy, and it includes, for instance, four options: pinned,pinned for the life of the session, pinned for the life of thetransaction, and not pinned.

Pinned indicates that the managed object is never passivated. In orderto make the managed object unavailable to a client driven methoddispatch, the managed object is deleted (i.e., removed). Transientobjects are typically pinned, although this policy may also be appliedto persistent objects (e.g., objects in which their data are stored in abacking store), as well. The container may remove the activated objectfrom virtual memory in the case where a refresh of the managed objecthas failed due to the object being deleted. This may occur in looselycoherent systems when a client application has deleted the managedobject within a replicated server region other than the current one.

Pinned for the life of the session indicates that the managed object ispassivated within a server instance, when no sessions are associatedwith it. Note that session suspension from the thread of execution doesnot result in the disassociation of the session with the managed object.Session association is the action resulting from a thread of executionrunning within a given session touching the managed object. Thatassociation lasts for the life of the session.

Pinned for the life of the transaction indicates that the managed objectis passivated within the server instance, when no transactions areassociated with it. Note that transaction suspension from the thread ofexecution does not result in the disassociation of the transaction withthe active managed object. Transaction association is the actionresulting from a thread of execution running within a given transactiontouching the managed object. The association lasts for the life of thetransaction.

Not pinned indicates that the managed object may be passivated at anytime prior to the end of the transaction at the discretion of thecontainer. Further, the managed object is passivated when notransactions are associated with the managed object.

In one example, prior to passivating a managed object, the object isflushed in order to push the changed essential state of a managed objectto its backing resource manager. In one example, the essential state ofthe business object is kept in the data object and accesses to theessential state are delegated to the data object. This is known as adelegating pattern. This pattern is designated through the inheritanceof the managedobjectWithDataobject interface. With this pattern, theessential state is pushed through the execution of an update operationon the data object.

However, in another example, the essential state of the business objectis resident in the business object and not the data object. This isknown as a caching pattern. This pattern is designated, if the businessobject inherits the managedobjectWithCachedDataObject interface. In thiscase, a synctoDataobject method is driven on the managed object justprior to driving the update data object operation. In particular, thesyncToDataObject method is driven by the container to cause the businessobject to push its cached state to the data object before the methods onthe data object are driven to further push the data to the resourcemanager.

In addition to the above, a managed object may be flushed several timesindependent of and prior to passivation. As a further example, a managedobject is flushed as a result of a session checkpoint operation, if themanaged object is associated with the session being checkpointed.

Other explicit flush policy options may also be provided. For example,one policy option indicates that flushing is to be performed at the endof transaction. With this policy, the data object update operation andcorresponding syncToDatastore operation are driven each time thecontainer recognizes the end of a registered transaction, which has beenassociated with the managed object. The end of transaction policyapplies to each transaction accessing the instance, even if the instancehas been activated under an activation isolation policy which allowsmultiple transactions to be running concurrently on the same sharedvirtual memory copy of the managed object. Therefore, a single activatedmanaged object may be flushed multiple times within multiple concurrenttransactions under the respective policy options.

As a further example, no explicit flush policy is defined. If this isthe case, then the flush operation is performed at the time ofpassivation and as a result of a session checkpoint operation.

A managed object may also be refreshed. Managed object refresh is thelogical action resulting from the execution of a retrieve operation onthe data object associated with the managed object. The retrieveoperation is responsible minimally for ensuring the existence of themanaged object's essential state in the backing resource manager basedupon its identity and as represented by the primary key value of themanaged object. In addition, the retrieve method may obtain part or allof the essential state of the managed object from the associated backingresource managers. In the case of the cached managed object (i.e., amanaged object with a cached data object), a syncfromDataobjectoperation is also driven on the managed object during refresh, after theretrieve operation has been driven against the data object. Thesyncfromdataobject method is the opposite of the synctoDataobjectmethod. The syncfromdataobject method is driven by the container torequest the business object to retrieve its cached essential state fromthe data object.

A managed object is refreshed as part of the process of being activated.In addition, the managed object may be refreshed, while in the activatedstate and may be refreshed a number of times before it is passivated. Asan example, the managed object is refreshed as part of a session resetoperation, if the managed object is associated with the session beingreset.

In addition to the above, explicit refresh policy options may beprovided. These options include, for example, refresh at transactionrecognition, at session recognition and no policy. At transactionrecognition, the data object retrieve operation and correspondingsyncFromDatastore operation are driven each time the containerrecognizes a new transaction on the thread of execution touching theobject.

At session recognition, the data object retrieve operation andcorresponding syncFromDatastore operation are driven each time that thecontainer recognizes a new session on the thread of execution touchingthe object. The refresh policies apply even if the object instance hasbeen activated under an activation isolation policy which allowsmultiple transactions or sessions to be running concurrently on the sameshared virtual memory copy of the managed object. Therefore, a singleactivated managed object may be refreshed multiple times within multipleconcurrent transactions and sessions under the respective policy option.

When no explicit policy is defined for refresh, then refresh occurs atthe time of activation.

In one embodiment, in order to define or associate any policies with thecontainer, a systems management application provided by component brokerruntime services is used. This application provides, for example, a listof the policies that can be selected for a container, and allows theappropriate policies to be chosen. The chosen policies for thedesignated container are then stored in a systems management repository(e.g., a DB2 database).

Active in-memory instances of objects within a server instance aremanaged by a container 1000 (FIG. 10). One responsibility of thecontainer is to provide a persistence mechanism so that an in-storageobject 1002 can be populated with essential state from an external datasource 1004, such as a database, and then stored back to the database,such that any changes to the object become persistent. Often times,however, the facilities provided to make an object persistent areaccompanied by other related functional requirements, such asconcurrency control, which is a mechanism for locking or serializing theessential state of the object, so that the contents of the object arestable and observable within the context of a given unit of activity,such as a transaction; access control, which provides security; andcommit control under a transactional unit of work, which controls whenchanges are to be committed or rolled back. Further, it is often thecase that for enterprise class data systems use of the data in adatabase is not exclusive to the object using it. Many times, the samedata is used by various types of applications concurrently, some ofwhich execute in more traditional types of environments, such as in CICSor IMS (offered by International Business Machines Corporation), whichare outside of the scope and management of the object server instance orsystem. This data is typically controlled through various types ofpolicies, which govern control of access to the data (i.e., security),sharing of the data across multiple users and systems, concurrencycontrol of the data, and transactional recovery of the data.

Conventionally, a container is built in an object server instance basedupon the premise that persistent objects live in the object serverinstance and are simply composed from data that lives in a database.When this view is taken, the object server instance takes on theresponsibility for hosting and executing the types of policies describedabove. For example, typical object server implementations provide alocking service to perform concurrency control of the object within theobject server instance. The object server instance assumes a similarresponsibility for access control of the object. There are a number ofproblems associated with this approach, however. Some of these problemsare enumerated below:

1) Building a scalable lock manager is complicated and error prone.

2) Building a scalable multi-system lock manager is even morecomplicated and error prone.

3) Because the data being used to populate the object is also being usedfor other purposes in the system, any locking function done in theobject server domain must then be reconciled with locking done in thedatabase management domain.

4) Many times the access control policies resident in the object serverdomain are replicas of the access control policies in the datamanagement domain, adding performance degradation to the runtime andsystems management cost to the customer.

5) Building a recoverable resource manager is complicated and errorprone. Providing this function, including the transactional loggingrequired to support it, in the object server is often duplicatingfunction that is required in the data management domain anyway.

6) Providing efficient caching of the object state across transactionboundaries in the object server domain requires a reconciliation of thecaching policies provided in the data management domain. Further, in thecase of a clustered systems configuration, the caching is to bereconciled across multiple systems.

In order to eliminate the above problems, various aspects of instancemanagement are delegated from container 1000 to one or more underlyingresource managers 1006, such as DB2 offered by International BusinessMachines Corporation (Armonk, N.Y.). In particular, the responsibilityfor locking (e.g., concurrency control), access control, caching acrossmultiple systems (i.e., multisystem caching), and commitment control isdelegated to the underlying data manager. As such, the object serverinstance is no longer considered the home for an object, but instead, isconsidered a temporary dispatching space for the persistent object,which is staged or cached into the object server instance from itspersistent home in the database.

Thus, when a request is made by the object server instance to obtain oneor more attributes of the object (e.g., for an employee object, theattributes may include name, salary, department, etc.), so that it canbe composed/staged for dispatch in the object server instance virtualmemory, the resource manager, instead of the container, performs and/ormanages any locking, multisystem caching, access control and commitmentcontrol needed to obtain the attributes. This, in combination withinstance management policy, which, for example, provides for a separatecopy of the staged object in virtual memory per transaction, eliminatesthe need to provide concurrency control within the object serverinstance, since locking is typically managed at transactional boundarieswithin the resource (or data) manager.

The object is effectively serialized through whatever locks are held inthe underlying resource manager for each of the object's attributes.Further, the locks that are held in the resource manager domain areproviding concurrency control across multiple systems in a clusteredconfiguration. It also allows the resource manager to negotiate thecompatibility state of the locks in real time as other requests (eitherfrom other object servers or traditional transaction environments, suchas CICS or IMS) are made for the data.

The same placement of responsibility exists with respect to security.Access control is provided by the underlying resource manager as therequests are made from the object server instance to build the object invirtual memory for use by a given user. The same placement ofresponsibility exists with respect to data caching and recoverablecommitment control. There is no need for the object server instance toprovide resource recovery and logging, since that function is pusheddown to the underlying resource manager. With respect to caching, theobject server instance does not take responsibility for holding state inits virtual memory beyond the point at which the state could becomeinvalid in the underlying resource manager. This treatment is onlyoverridden through designation of specific policy in the object serverinstance. Another advantage of this approach is that any ongoingimprovements and functional extensions provided in the underlyingresource manager are immediately leveraged transparently in the objectserver instance.

In order to delegate the various aspects of instance management from acontainer to a resource manager, particular contexts are provided inobject space, so that they can be provided on the interfaces used toaccess the resource manager(s). As one example, it is the object requestbroker that sets up a particular context on a thread of execution,thereby pushing the management responsibilities to the resourcemanager(s), rather than having the containers implementing theresponsibilities themselves. This is described in further detail belowwith reference to FIG. 11.

As one example, an ORB 1100 is responsible for dispatching methods on agiven thread of execution 1102. By extension, the ORB is responsible (atlest initially) for the setup of any execution contexts 1104 on thatthread of execution. These execution contexts include, for instance:

1) A transactional context that identifies the transaction beingperformed and within which a piece of work is completed. The context isrepresented by a transactional unit of work and it has an identity and astate associated therewith. By associating the transactional contextwith a thread of execution, anything running on that thread of executionknows that it is inside the context of that transaction.

2) A security context that provides a set of credentials that representssome principles or some users and those credentials are associated withthe thread of execution. This provides an indication of the principle oruser that is requesting this piece of work.

3) A performance management context which is associated with workloadmanagement for that thread of execution. It describes the policies thatare used to allocate resources to achieve the best performance.

In one embodiment, the ORB attaches the different contexts (e.g.,transaction, workload management and security) by using a set ofservices in OS/390 or MVS called context services. In particular, acontrol block called a work context is provided by the context services.For example, a set of application programming interfaces are used thatallow the ORB to associate the context(s) with the current thread ofexecution. This is called a context switch, which enables a context tobe switched onto a thread or switched off of the thread. It is up to theindividual work manager (the ORB in this instance) to set inside thecontext the correct identities, tags, names or whatever is needed torepresent those contexts. Then, as the work unit (the thread ofexecution) flows across different environments, the resource managerscome to the work context to find the data, which is located atarchitected places within the context. Context services is furtherdescribed in “OS/390 MVS Planning: Workload Management,” IBM Pub. No.GC28-1761-07 (March 1999); “OS/390 MVS Programming: Workload ManagementServices,” IBM Pub. No. GC28-1773-06 (March 1999); and “OS/390 V2R5.0MVS Programming: Resource Recovery,” IBM Publication No.GC28-1739-02(Jan. 1998), each of which is hereby incorporated herein byreference in its entirety.

Although the ORB initially sets up the contexts, it is possible for thecontainer, since it is on the dispatch path to every method, to be ableto change or manipulate those contexts based on additional policies atthe container. As one example, the container can switch from onetransaction (e.g., Tran 1) to a new transaction (e.g., Tran 2).

In one example, in order for the container to delegate responsibilityfor performing certain functions (e.g., prepare to commit, commit,locking, logging, etc.) to one or more resource managers, the resourcemanager(s) also has to be aware of the transactional contexts. Themanner in which this is accomplished is described below.

In one example, when the container is initialized (initForReactivation),the container initializes a connection object 1108, which is used tocouple container 1106 with a resource manager 1110. In particular, theconnection object has been linked with a DLL with a specific version ofa resource manager attachment 1112, e.g., a DB2 attachment called RRSAF.Thus, when the container is being initialized, it initializes theconnection object and drives an initialize method on this connectionobject. The connection object is attached to the system's managementrepository, which indicates which resource(s) are to be attached to thiscontainer. In this example, container 1106 is to attach to a particularDB2 subsystem, called XYZ.

In one embodiment, the attachment of the container to DB2 is performedusing an API called “Identify”. Thus, the connection object calls the“Identify” piece of code, which is DB2 supplied. DB2 receives the calland determines that it is an identifier over the RRSAP package. Thus,DB2 sets up an RRSAF control structure 1114, in this case, on task 1102.

With the Identify protocol, DB2 knows what specific threads are going tobe talking to DB2. Thus, when a thread of execution comes across, DB2looks that thread up and for that thread goes over to the context andfinds out what transaction it is in. At that point, DB2 performssimilarly to the containers.

DB2 also knows that by attachment through RRSAF that DB2 has somespecial exits. DB2 registers its interest in this transaction usingresource recovery service 1116, which is tracking the transaction.(RRSAF is a part of that service.)

In addition to the above, the object transaction service 1118 (OTS)coupled to RRS also delegates its responsibilities down to RRS. OTSdelegates its responsibilities down to RRS through a set of RRSinterfaces (e.g., prepare, commit, write log data interfaces, etc.).Thus, in accordance with one aspect of the present invention, there is adelegation of responsibilities in one direction (axis) through theresource managers and in the other direction (axis) to the underlyingoperating system.

Within a distributed object server instance 1200 (FIG. 12a), managed orbusiness objects 1202 are often persistent. That is, they are composedfrom data residing in one or more databases 1204. In a legacyenvironment, where there exists a variety of data sources, such as DB2,IMS and CICS (all offered by International Business Machinescorporation, Armonk, N.Y.), as well as various other data sources, thereis a need to extract data from these resource managers and use the datato provide a persistent object with its essential state.

In order to accomplish this composition, and also hide the specificlocation and schema of the data being used to populate the object, atleast one container 1206 and at least one data object 1208 are used. Thecontainer facilitates the attachment from the object server instance toa resource manager 1210, so that the resources from database 1204managed by resource manager 1210 can be used to populate the object. Themapping of the specific state in the object to specific rows or recordsin the database is performed in data object 1208. The data object is ahelper object in the object server instance runtime to assist in themanagement of the persistent state of the business object and tofacilitate the movement of data back and forth from the business objectto the database over the attachment being managed by the container.

Typically, the containers and the data objects are built with aconstraint which limits their attachment and interaction with exactlyone type of resource manager. The problem with this approach is that inmany cases there is a need to compose a business object for multiple anddifferent types of backend resources. For example, a particular businessobject of type “employee” may obtain the employee serial number and namefrom DB2, but obtain its salary attributes from a VSAM record or from anexisting IMS transaction program. If this is the case, a typicalsolution involves either performing composition in the applicationthrough multiple business objects, each one being managed by a separatecontainer; or by building a composed data object by delegating thefunction to multiple other business objects, again, where each one ismanaged by a separate container and where each one is associated withits own subordinate data object.

This approach leads to performance degradation not only because of theadditional pathway of dispatching multiple objects over severalcontainers, but also in terms of additional memory being used to holdthe additional objects. In the worst case, where the application isforced to deal with the composition, the application developer becomesaware of the specific data type, location, schema, and composition,which constrains the design of the application in a way as to jeopardizeportability and reuse of the business object itself. Additionally,requiring multiple containers to be used introduces systems managementburden that could otherwise be avoided. Also, the development processused to create the multiple data objects and the processes under whichthese objects are packaged together to form the support for a singlebusiness object becomes unnecessarily complex and costly.

Thus, in accordance with one aspect of the present invention, composedcontainers and composed data objects are introduced. A composedcontainer 1220 (FIG. 12b) is one in which multiple and differentresource managers 1222 can be configured and driven. The composedcontainer manages a plurality of attachments and connections to all ofthe resource managers required or desired to support the composition ofa single business object 1224. The corresponding data object 1226 isalso composed and supports the various request level interactions to thevarious backend resources required or desired to supply the businessobject with its essential state. This approach simplifies the installand configuration of containers; simplifies and consolidates requestlevel interactions in a single data object; improves pathlength becausemultiple and separate dispatches across multiple containers areeliminated; and provides the application developer a cleaner more directmapping of the runtime objects in the application model beingimplemented.

In one embodiment, composed container 1220 is implemented using aplurality of connection objects 1228. Each connection object 1228 isassociated with and coupled to a resource manager 1222. For example, oneconnection object is associated with Resource Manager 1 (e.g., DB2) andanother is associated with Resource Manager N (e.g., IMS).

In one embodiment, connection objects 1228 are defined using connectionspecifications, which are created using, for instance, user interfacesprovided by component broker runtime services. A systems administrator,as one example, defines a connection specification for each resourcemanager to be connected to a container. The connection specificationidentifies a set of information needed to connect to the resourcemanager. For instance, for DB2, it includes the DB2 subsystem name.

When a connection specification is defined, it has a type (e.g., a DB2connection) and it has a connection object class that is to be used. Inaddition, for the particular type of connection, it includes whateverinformation is necessary for the container to attach or connect to thebackend resource. The connection specifications and associatedinformation are stored in a database, such as a systems managementrepository coupled to the server instance. The systems managementrepository also includes information related to the containers.

When a container is being initialized (e.g. initForReactivation), thecontainer is provided with a list of one or more connectionspecifications. The container selects from this list those connectionspecifications representing resource managers to be connected to thecontainer. Then, for each selected connection object, the containerretrieves from the systems management repository any informationrelating to that connection specification. This information includes aconnection object class name for each connection specification. As oneexample, the class name plus any specific information needed for theconnection is passed to the container in a streamed format. Thecontainer then creates a connection object using the connection objectclass name and initializes the connection object with the data, suchthat the container can attach to the resource manager (e.g., DB2).

During initialization, the container drives an “init” method on theconnection object. During “init”, the connection object uses the DB2RRSAF attachment (i.e., the piece of library code that has been linkedwith this connection object) to connect with the resource manager. Forexample, the connection object uses the DB2 subsystem name to connect tothe DB2 resource manager. The particular implementation for theconnection object is supplied by each resource manager.

In one embodiment, each connection object class is hardwired for aspecific type of resource manager. Each connection object has a numberof interfaces to be implemented including initialization, in which theattached resource manager is to perform whatever processing is requiredto attach the server address space to the resource manager addressspace; identify transaction, in which the connection object isresponsible for performing any processing required to set up a contextfor performing work under a specific given transaction (e.g., in DB2,there may be a need to create a logical DB2 thread of execution that istied directly to the current transactional unit of work); anduninitialization and unidentify transaction, which are used to performcleanup processing for their respective events.

In one embodiment, when a container sees a transaction for the firsttime, the container registers a synchronization object with OTS and alsoinforms each connection object that the transaction is to be identified.Depending on the type of attachment, that connection object may or maynot perform an action. For example, for DB2, the connection objectcreates a DB2 representative of a thread and signs the user on, so thatDB2 knows about the user. In particular, in the connection object, thetransaction is identified and DB2 creates a thread and anchors one ofits structures onto the RRS context. Thus, when a data object accessesDB2, the data object pulls its own data out of the context.

In addition to the above, one or more composed data objects 1226 arealso provided. In particular, each composed data object is made tounderstand multiple different resources. That is the data object caninclude, for instance, SQL statements, as well as CICS and IMS calls, orit can delegate down to, for example, a specific DB2 sub data object.

In one embodiment, in order to create a composed data object, aninitialize method is driven by the container. During thisinitialization, one or more request helper objects, built by theconnection objects, are handed to the data object. Each request helperobject contains information the data object may need to sustain arequest to a particular resource manager. Thus, the container hands alist of helper objects to the data object and the data object selectsthose that are needed (e.g., one for DB2, one for CICS, one for IMS,etc.). In the helper object is the name of the appropriate connectionspecification.

Described in detail above are server instances, which are used to manageobjects located within those server instances. In one aspect of thepresent invention, a server instance can be replicated either on thesame system image or across multiple system images. One example ofserver instances replicated across multiple system images is describedwith reference to FIG. 13a.

Depicted in FIG. 13a are two server systems, SYSTEM 1 (1300 a) andSYSTEM 2 (1300 b) coupled to one another, via a coupling facility 1302,to form a clustered sysplex configuration. Coupling facility 1302(a.k.a., a structured external storage (SES) processor) contains storageaccessible by the systems and performs operations requested by programsin the systems. Aspects of the operation of a coupling facility aredescribed in detail in such references as Elko et al., U.S. Pat. No.5,317,739 entitled “Method And Apparatus For Coupling Data ProcessingSystems”, issued May 31, 1994; Elko et al., U.S. Pat. No. 5,561,809,entitled “In A Multiprocessing System Having A Coupling Facility,Communicating Messages Between The Processors And. The Coupling FacilityAnd Either A Synchronous Operation Or An Asynchronous Operation”, issuedOct. 1, 1996; Elko et al., U.S. Pat. No. 5,706,432, entitled “MechanismFor Receiving Messages At A Coupling Facility”, issued Jan. 6, 1998; andthe patents and applications referred to therein, all of which arehereby incorporated herein by reference in their entirety.

Each system is executing an operating system image 1304 a, 1304 b,respectively, such as the OS/390 or MVS operating system offered byInternational Business Machines corporation (Armonk, N.Y.). As oneexample, operating system 1304 a controls execution of one or moreserver instances 1306 a, which are replicated across the system asservers 1306 b. For example, Server 1 of System 1 is replicated inSystem 2 as Server 1.

Additionally, each operating system includes or is coupled to a workloadmanager 1308 a, 1308 b, respectively. Each workload manager balancesworkload among the systems of the sysplex in order to achieve optimalload balancing and system performance. One example of a workload manageris described in “OS/390 MVS Planning: Workload Management,” IBM Pub. No.GC28-1761-07 (March 1999), and “OS/390 MVS Programming: WorkloadManagement Services,” IBM Pub. No. GC28-1773-06 (March 1999), each ofwhich is hereby incorporated herein by reference in its entirety.

Further, coupled to each operating system image is one or more resourcemanagers 1310 a, 1310 b, respectively. Each resource manager owns andcontrols the data associated with that manager, as described above.

One or more clients 1312 send requests to the server instances via, forinstance, TCP/IP connections.

In order to select an appropriate server instance to perform a task,when that server instance has been replicated within a given systemand/or across systems in a sysplex, one or more daemons are used, inaccordance with one aspect of the present invention. In one example, adaemon 1314 a, 1314 b (FIG. 13b), respectively, has been added to eachsystem. These daemons are location service agents, which are used tobalance workload, as described below. In particular, the locationservice daemons facilitate workload balancing of client communicationsessions to replicated object server instances based on the industrystandardized CORBA IIOP (TCP/IP) protocol with no proprietary extensionsbeing required either in the communications protocol (e.g., IIOP) or inthe client-side runtimes establishing communication with the workloadmanaged server instance.

Within the IIOP protocol, there exists an architected control flow thatoccurs when a client attempts to locate an object of interest in adistributed network. This control flow is defined by CORBA and isreferred to as the “locate flow”. There are three possible responses tothis flow. The flow occurs to the server instance identified by theobject reference used to identify the object, and the server instanceresponds with: 1) the object is here on the target server instance, 2)the object does not exist, or 3) the object is not here on the serverinstance, but it may be on another server identified by the new objectreference being returned with this response. This third type of responseis called a “location forward” reply. The client ORB on receiving thelocation forward type of reply issues another locate request to theserver instance identified by the returned object reference.

In accordance with one aspect of the present invention, the locationforwarding mechanism is used in a unique way to cause the balancing ofclient communication endpoints across a set of replicated serverinstances. The mechanism uses, for instance, direct and indirect objectreferences. A direct object reference is one in which the actual networkaddress of the subject server process (address space) is bound. Anindirect object reference is one in which the network address of alocation service agent or daemon is bound. It is assumed for this aspectof the present invention that first class references to distributedobjects are indirect. Thus, any reference obtained by a distributedclient application is indirect and results in a locate request to thelocation service daemon when it is used.

One embodiment of the logic used to select an appropriate serverinstance to perform a task is described with reference to FIG. 14.Initially, the client obtains an indirect object reference via, forinstance, a name service or as a result of an unrelated object methodrequest returning the reference as an output parameter, STEP 1400. Then,the client issues a locate request to the daemon using the indirectobject reference, STEP 1402.

Thereafter, the daemon, masquerading as an actual object serverinstance, consults with the workload manager on its system and asks theworkload manager to choose an available server instance runningsomewhere in the sysplex, so that this client communication can beestablished, STEP 1404. The workload manager selects a server instancebased on its assessment of available resources and capacity across theconfiguration and returns the reference information of the selectedserver instance (e.g., Server 1 of System 1 or Server 1 of System 2) tothe daemon. The daemon then replies to the locate request with thelocation forward reply passing the new reference of the actual serverinstance that has been selected, STEP 1406. This returned reference is adirect reference so that the next locate request, by the client, isdelivered to the actual selected server instance rather than to thedaemon, STEP 1408. In this case, the selected server instance respondsto the locate request with “an object is here” reply.

In order for the location service agent to be able to have the workloadmanager select the appropriate server instance to perform a task, theagent first registers itself with the workload manager as a daemon. Thishas specific meaning to the workload manager. In particular, theworkload manager expects the daemon to come back to the workload managerto request the workload manager to locate a particular environment name.

In order to register with the workload manager, the daemon uses variousworkload management interfaces to obtain the best location of a serverinstance that has registered with the workload manager. It is the serverinstance (e.g., a control region, as described below) that registerswith WLM as a “work manager.” The daemon asks WLM to find an appropriate“work manager” under a given class of name, and WLM returns thelocation.

The use of replicated server instances is optimal when all of the serverinstances have equal and shared access to the resources required by theapplication server instance. Two specific advantages realized when thisreplication is enabled are 1) reduction of single points of failure, 2)balanced performance and scalability. Further, the 390 system designasserts that the optimal place to make workload management decisionsregarding the placement of inbound work over a set of replicated serverinstances is at the sysplex facility where all pertinent informationrequired for making an intelligent decision of the placement of theworkload exists and can be evaluated in real time as the work arrives tothe configuration. In addition, in a distributed system, wherecommunication protocols and the runtimes implementing those protocolsare standardized to allow the communication to occur across a set ofclients and servers provided by different vendors, there is an advantagein making workload management decisions at the server side of thecommunication runtime so that proprietary workload management basedextensions are not required in the various client side runtimes providedby all of the various vendors.

In accordance with another aspect of the present invention, workloadbalancing across a set of replicated servers is performed such that itoccurs at well known boundaries within the execution of an application.This is to protect transient state associated with a runningapplication. In particular, within most application server instances,there exists transient state associated with a running application whichis tied to and managed from the physical address space or serverstructure servicing the application. This transient application state insuch systems is deemed to be valid and coherent within some prescribedand well known unit of application activity, such as within atransactional unit of work. Examples of such a state include, but arenot limited to, updates that have been made to objects or data residentin the virtual memory cache of the address space and are pending withrespect to the persistent home of the data on some physical medium, suchas disk. Typically, such pending updates are pushed to their eventualhome on disk at the end of the prescribed unit of application activity;for example, at the end of the current transactional unit of work. Otherexamples of transient state include control information or meta dataused to govern the execution of the application, such asstate/transition policy or state data reflecting the current state ofresources being used by the application, such as an open file orcommunication device.

Within a distributed system, and within a prescribed unit of applicationactivity, there may be several interactions from a given client eitherdirectly to a target server instance where such application state isbeing held, or through multiple other intermediate middle tier serverinstances to the target server. All requests to the target server'sapplication state under a given application unit of activity is directedto the same physical instance of the server's address space in order toensure proper execution of the distributed application. If, however, thetarget server instance is replicated across the physical systems in aclustered configuration, and access to the replicated server instancesis governed by workload management policy, sessions from intermediatenodes in the distributed network, established to the target serverinstance under a common unit of application activity may be balanced orspread to different physical server instances, thereby introducingerrant behavior in the application. In other words, workload balancingacross a set of replicated servers is to occur at well known boundarieswithin the execution of the application. Within those boundaries, amechanism is used to ensure a temporary affinity to a specific serverinstance within a clustered system configuration is defined, recognizedand enforced, so that any requests under the same unit of applicationactivity from any node in the distributed network arrives at the samephysical server instance in the configuration.

To ensure a given transactional unit of work arrives at the appropriateserver instance within a clustered system configuration, a highperformance multisystem registration of transaction interest and theCORBA compliant IIOP related location forwarding mechanism are used.

One embodiment of ensuring a given unit of work arrives at anappropriate server instance is described with reference to FIG. 15. Whena method request arrives at a server instance, and it is accompanied bya particular unit of work, such as a distributed transactional context,STEP 1500, a determination is made, by the ORB, as to whether the serverinstance receiving the request is the owner of the transaction, INQUIRY1502. In other words, the server instance makes a local decision as towhether it already owns responsibility for the inbound transaction. Inone example, this determination is made by checking a registration tablelocated within the coupling facility coupled to the server instance orwithin memory of the server instance.

Should the server instance own responsibility for the inboundtransaction, then the server instance handles the request.

If the server instance determines that it is not the registered owner ofthe transaction, it attempts to register the server's interest in theinbound transaction, STEP 1504. This registration occurs, for example,at the coupling facility and is performed in an atomic fashion by using,for example, a Global Resource Serialization (GRS) global enqueue (ENQ).GRS is described in “OS/390 MVS Planning: Global ResourceSerialization,” IBM Pub. No. GC28-1759-04 (March 1998); “OS/390 MVSProgramming: Authorized Assembler Services Guide,” IBM Pub. No.GC28-1763-06 (March 1999); “OS/390 MVS Programming: Authorized AssemblerServices Reference,” IBM Pub. Nos. GC28-1764-05 (Sept. 1998),GC28-1765-07 (March 1999), GC28-1766-05 (March 1999), and GC28-1767-06(Dec. 1998); “OS/390 MVS Programming: Assembler Services Guide,” IBMPub. No. GC28-1762-01 (Sept. 1996) and “OS/390 MVS Programming:Assembler Services Reference,” IBM Pub. No. GC28-1910-1 (Sept. 1996),each of which is hereby incorporated herein by reference in itsentirety. The registration information includes, for instance, specifieduser data (e.g., a UUID) in the request, which identifies the specificserver instance within the configuration associated with the specifiedtransaction.

Thereafter, a determination is made as to whether the registration wassuccessful, INQUIRY 1506. That is, if no other server instance replicahas registered its interest in the same transaction, then registrationsucceeds and that server is deemed the appropriate server instance forthe unit of work, STEP 1508. If some other server instance replica hasregistered its interest in the transaction, the attempt to registerfails. In this case, a GRS operation (e.g., a GQSCAN) is initiated toobtain the registration information, which includes the identity of theserver instance that is registered for the transaction and thetransaction id, STEP 1510. When that information is returned, a newobject reference is built using the location of the registered serverinstance and the current object key for the object being dispatched,STEP 1512.

Subsequently, the server instance returns a location forwarding reply tothe client, STEP 1514. The CORBA protocol allows the location forwardingreply to be returned on any distributed method request sent to a givenserver. The client ORB then uses the new object reference to establishan IIOP connection to the appropriate server instance within thesysplex, STEP 1516.

By using the above protocol, advantageously, if a connection fails whilea transaction is being processed, the connection can be reestablishedwithout aborting the transaction.

As described above, the ORB provides low-level connectivity capabilitiesthat allow objects relate to one another. However, in order to enableapplications and other components to be written in ORB-basedenvironments, other functionalities are provided. According to theObject Management Group (OMG), these functionalities are to be definedas separate modular components above the ORB level. One of thesefunctionalities includes a naming service, which allows objects to referto other objects by name. In particular, the OMG Naming Service allowshuman readable names to be assigned to objects, so that the names can belater used to find the objects.

Names exist and are unique within a naming context. Specifically, a nameis bound to an object within a naming context (i.e., a binding). Anaming context is itself an object, and thus, it can be bound with aname to one or more other naming contexts.

The OMG Naming Service specification (based on CORBA) defines a systemname space and a set of operators that can manipulate the contents ofthat name space. One example of a name space is depicted in FIG. 16a anddescribed herein. A name space 1600 includes a plurality of objects1602, referred to as naming context objects or naming contexts. Eachnaming context object includes at least one binding to another object.That binding maps a human readable name to an object reference whichidentifies the named object.

A fundamental concept in the OMG Naming Service is that the name spaceis composed of naming contexts bound together to form a tree 1604. Sinceeach naming context is itself an object, and thus, may be distributed,the name space may be distributed across multiple name servers acrossthe distributed network. (As another example, the name space is notdistributed (see FIG. 16b)).

Creating an association between two naming contexts is simply a matterof binding or associating the one context with a name into the othercontext, just like any other object. To be more specific, the nameservice provides two distinct interfaces for associating a name with anobject. One is used to bind naming contexts to a parent naming context,and the other is used to bind non-naming context objects to a parentnaming context.

To further illustrate the structure of the name space and the placementof naming contexts within the structure, refer to FIG. 17. FIG. 17depicts one example of a hierarchy of naming contexts 1700 within a nametree 1702. Note that the objects themselves do not have names. Insteadtheir bindings 1704 have the names (e.g., A, B, . . . ). Therefore, anobject name is by nature contextual and relative based on its placementwithin the tree. The name bound to the object exists within a givennaming context.

One problem associated with conventional naming services is how to mapbindings and naming contexts onto particular data models, such as thedata model provided by the Lightweight Directory Access Protocol(LDAP)/X.500. (The LDAP protocol and the X.500 data model are industrystandards provided by the XOPEN Group. Standards for X.500 include CCITTX.500 standards described in ITU Recommendations X.500-X.520; LDAP isdescribed in IETF RFCs 2251-2256, both of which are hereby incorporatedherein by reference in their entirety.) In particular, a need exists forsuch a mapping that is performed in a way that fully utilizes thesemantics and structure of the underlying directory without resulting inan implementation that is intimately linked with the underlyingdirectory technology.

In accordance with one aspect of the present invention, a solution tothe above problem is provided that leverages the abstractions madeavailable via object technology, along with the abstractions provided bycomponent broker runtime services. The solution allows naming contextsand named bindings (described below) to be retrieved via a “single hop”even when the names are compound names. Single hop retrieval means thata resolve method, such as the CosNaming::NamingContext::resolve method,can locate the desired object with a single lookup to the underlyingdirectory (e.g., the LDAP directory), as opposed to multiple lookups ormultiple internal calls to resolve.

In addition to the above, this aspect of the present invention furtherimproves performance by allowing naming contexts and named bindings tobe handled in a consistent fashion, thereby reducing the number of localsearch queries required. Lastly, the implementation provides a structurethat physically separates algorithms from specifics of the underlyingdirectory technology.

In particular, in one embodiment, object specialization is employed,which allows objects in the name space to be treated as bindings. Thatis, a binding falls into one of three categories: a named binding usedto represent a binding to an application object; a disjunction whichrepresents points of discontinuity in the name space, as describedfurther below; or a naming context that represents a naming contextspecialization.

Both the naming context and binding classes are managed objects. Asmanaged objects, they are broken down into a business object and a dataobject. The naming context business object includes the algorithms thatmanipulate an abstraction of the directory (e.g., LDAP), while the dataobject is responsible for managing the relationship with the underlyingdirectory. One example of the inheritance and delegation relationshipsassociated with the components of a managed object are depicted in FIG.18. For instance, it is shown that NamingService::NamingContext inheritsfrom both IextendedNaming::NamingContext and Namingservice::Binding.

The data object uses the services of the underlying directory to create,delete, retrieve, and update entries that correspond to bindings andnaming contexts. In accordance with one aspect of the present invention,the binding and naming context classes support the same attributes.Thus, the binding and naming contexts classes act as dual personalitiesfor the same underlying directory data. A personality is defined as theobject representation of the data. Since a naming context is a bindingbecause of the inheritance relationship between them, the existence ofthat binding implies the existence of the naming context bound in thename space.

Defining the naming context in this manner allows efficient one hoplookup of objects that reside in a particular name server. Since eachobject that is included in the name space is represented by a bindingobject, the retrieval of a named binding of a given name requires asearch against a single home collection—the binding home collection.

Each binding contains an attribute that represents the handle for itsassociated personality. In the case of bindings that represent namingcontexts, the personality is a pointer to the object whose class isnaming context, but whose primary key is the same as the binding, namelyit is the full binding name. Thus, once the desired binding has beenlocated, the view of the data backing that binding is transformed to thenaming context class by returning the personality attribute. Thus, thedual personality of the same directory data is seen.

Furthermore, if the binding, represents a binding to an applicationobject, the personality attribute is used to store a reference to thebound object. Thus, resolution of named bindings can be performedthrough a search on the binding home collection. The object that isbound to that named binding is contained in the personality field. Inthe case of bindings that represent naming contexts, the personalityfield contains a reference to an object of type naming context that isbacked by the same data. This dual mapping is made possible, since eachof the references to each of these objects contains the same key intothe directory. This is described in further detail below. (In at leastsome of the pseudo-code described herein, only excerpts of the code aregiven, which are relevant to the surrounding discussion.)

One example of pseudo-code associated with an implementation ofbind_new_context, which is used to create a new naming context and bindit into the name space is provided below. (In at least some of thepseudo-code described herein, only excerpts of the code are given, whichare relevant to the surrounding discussion.)

NamingContext bind_new_context (in Name name)

raises (NotFound,

CannotProceed,

Invalidname,

AlreadyBound);

If name is a compund name then

ctx=executing naming context→resolve (<c1;c2; . . . cn−1>) to find thenaming context to which the new context will be bound.

Invoke ctx-→bind_new context(<cn>) to invoke the bind_new_context on asimple name.

Return

Else name is a simple name

Build the primary key string for the new NamingContext object to becreated.

Drive the constructor on the NamingContext home collection(createFromPrimaryKeyString) using this key.

Set the binding type attribute to Naming Context.

Save the IOR for this new NamingContext in the personality atrribute.

Return the NamingContext object.

The above procedure for bind_new_context creates a new object on asingle home collection (e.g., the Naming context home collection). Bydefinition, the binding object is created at the same time because ofthe inheritance relationship. Thus, the creation of a naming context andthe binding of the context into the name space are synonymous. Also notethat this procedure first calls resolve so that it can operate on asimple name. In the above pseudo-code, invoke ctx→bind_new_context is arecursive call. At some point, a simple name is provided, and the logicthen continues with the build of the primary key string. When all namingcontexts associated with the compound name, as well as the object uponwhich bind_new_context is invoked, exist in the same name server, thenew naming context object can be created with only a single hop to theresolve method.

Application objects are bound into the name space using the bind method.The following procedure describes one embodiment of the bind method.Note that the bind method can create a new named binding in a single hopwhile requiring only a single create operation:

void bind (in Name name, in Object obj)

raises (NotFound,

CannotProceed,

Invalidname,

AlreadyBound);

If name is a compound name then

ctx =executing naming context→resolve (<c1;c2; . . . cn-1>) to find thetarget naming context to which the object will be bound.

Note that the resolve operation will throw an exception if the specifiedname could not be found.

Invoke ctx→bind (<cn>, obj) to invoke the bind on a simple name.

Return

Else name is a simple name

Build the primary key string of the new Binding object.

 Drive the Binding home factory by calling createFromPrimaryKeyStringand passing the PrimaryKey.

if the name already exists in Binding home collection.

 Throw AlreadyBound exception.

else a new Binding object was created

 Set the personality attribute in the new Binding object to obj.

Set the binding type attribute to bound object.

 Return

In the above logic, a createFromPrimaryKeyString method is called. Thisoperation is, for instance, a factory method on the home collection usedto create the new persistent object of the type resident in thatcollection. It is the mechanism used to create persistent managedobjects in the system.

At this point, new named bindings have been added to the name space. Themapping of these named bindings to the underlying directory allows forefficient retrieval with the resolve method. Only the home collectionfor bindings need be searched and the contents of the personalityattribute of the retrieved binding returned. This works whether thebinding represents a naming context or a bound application object.

One example of the procedure for resolve is as follows:

Object resolve (in Name name)

raises (NotFound,

CannotProceed,

InvalidName);

If the input name begins with ‘/’ or ‘\’ then

Invoke resolve_initial_references to obtain the Naming Service Root.

Redrive the resolve on the root naming context passing the remainder ofthe name.

Return

Create the primary key string representing the object in the Name Spaceto be found.

Drive findByPrimaryKeystring on the Binding home collection passing theprimary key string.

If the Binding object was found then

Return the bound_object attribute of the Binding object. This may eitherbe a leaf node object or a

NamingContext object.

Described in detail above is a capability that allows a new namedbinding to be created in a single hop, as well as allows multiple levelnames to be resolved in a single hop from the root naming context. Thismeans that create and resolve, respectively, need to be called onlyonce, when starting from the root. Additionally, a single repository(LDAP) is used as the persistent store for both the naming contexts andbindings. Further, the state of a binding is typed in order to indicatethe type of binding.

As described above, in constructing the name space, it is possible thatportions of the name space may exist in different physical systems. Thatis, one server may be on one system, while another server may be onanother system. For example, with reference to FIG. 17, Naming Context‘/B’ may exist on System A, while Naming Context ‘/B/D’ may exist onSystem B. The underlying resource managers for these naming contexts maynot be the same (e.g., they may have different data schemas and formatsin the database, different protocols used to navigate the directoryschema, and/or different formats of the names used to represent theentries in the directory system, etc.). For example, naming context ‘/B’may be stored in LDAP, and Naming Context ‘/B/D’ may be stored in DCECDS (Distributed Computer Environment Cell Directory Services). Aschematic illustration of this scenario is depicted in FIG. 19, in whicha Naming Context ‘/B’ 1900 is located in Name Server 1 (1902) of SystemA and is backed by an LDAP resource manager 1904; and Naming Context‘/B/D’ 1906 is located in Name Server 1 (1908) of System B and its datais backed by a DCE CDS resource manager 1910.

Since the naming contexts reside on different systems, there are said tobe “foreign junctions” within the name space. That is, a particularnaming context (e.g., ‘/B/D’) cannot be resolved on one system, andthus, foreign junctions exist. In accordance with one aspect of thepresent invention, such foreign junctions are traversed in a manner thatdoes not compromise performance and is not dependent on knowledge of theunderlying directory technology used.

As described in further detail below, the technique used by this aspectof the present invention leverages the abstraction provided by theobject representation of the underlying naming context storage mechanismand introduces the concept of disjunct bindings. Disjunct bindingsrepresent locations in the CORBA name of the naming context where adeviation occurs from the natural name resolution capability of theunderlying directory technology. For example, the OMG name servicebinding name might be a/b. The “a” part of the name might be mapped todirectory System X, where the actual name in the underlying directory isof the format “name =a”. The “b” part of the name might be resident in adifferent underlying directory, Directory Y, where the underlyingdirectory name of the element might be “partname <b>”. The junctionbetween a and b is a large junction over two different directory systemswith two different naming schema that needs to be federated to form the“a/b” named binding in the object space. Identification of thesedisjunction points allows foreign junctions to be identified efficientlyand easily.

In addition to the above, this aspect of the present invention makes useof the disjunct binding concept to implement alias names in ahomogeneous manner. An alias name for a naming context is an alternatename for that naming context. The naming context is initially boundunder a primary name, which becomes its hard link. Additional,alternative paths to that naming context make use of alias names. AliasNames and foreign junctions are handled in the same manner.

Advantageously, alias names and foreign junctions are handled in a waythat maximizes the benefits of an efficient mapping to the underlyingdirectory technology during the name resolution operation. It does so insuch a manner as to maintain independence from the underlying directorytechnology of the name space segments on both the local and foreignsystems.

In one example, the name resolution operation includes a resolve method,which is used to find an object associated with a given name. As part ofthe processing of the resolve method, disjunct bindings may beencountered. The manner in which this is handled is described below withreference to FIG. 20.

In one embodiment, a primary key is constructed based on the input name,STEP 2000. The primary key may represent an object several layers downin the name space. One example of constructing the key is describedbelow with reference to FIG. 22. Subsequent to constructing the primarykey, a findByPrimaryKey method is called to search for the name spaceobject known by that primary key, STEP 2002. As one example, thefindByPrimaryKey operation is introduced on the home collection and canbe used to query the home collection for the managed object designatedby the input primary key value.

If the find is successful, INQUIRY 2004, then the desired binding isfound. Thus, the object associated with that binding is returned to thecaller, STEP 2006. This object may either be an application object or anaming context. Thus, a multiple level resolution may be performed in asingle step, as described herein.

If the findByPrimaryKey cannot find the target object, then thefindByPrimaryKey is driven on the largest portion of the name that couldhave potentially been resolved, STEP 2008. This can be achieved byincrementally backing off the rightmost name component until thefindByPrimaryKey is successful or the entire name has been consumed.Alternatively, the underlying directory technology may supply theportion of the name which could have been resolved after the firstfindByPrimaryKey was unsuccessful. This information could be provided tothe business object in a general way such as through. an exception.

Should no portion of the name be located via findByPrimaryKey, INQUIRY2010, a NotFound exception is provided, STEP 2012. If, on the otherhand, a portion of the name is located via findByPrimaryKeyString, adisjunction has been located in the name space, STEP 2014. Thisdisjunction may either represent a foreign binding or an alias name. Theobject associated with that binding is retrieved and the resolve methodis redriven on that object using the remainder of the object name, STEP2016. (If the disjunction represents a foreign binding, then the resolvemethod is redriven on a different system. This system can have adifferent implementation of the CORBA architecture than the system inwhich the disjunction is located.) Thus, performance has been maintainedin the case of a usual look-up, with disjunctions handled in astraightforward and homogeneous manner insulated from the mechanics ofthe underlying directory.

Further details associated with the resolve method are described below.In particular, one embodiment of the logic associated with resolve is asfollows:

Object resolve (in Name name)

raises (NotFound,

CannotProceed,

InvalidName);

If the input name begins with ‘/’ or ‘\’ then

Invoke resolve_initial_references to obtain the Naming Service root.

Redrive the resolve on the root naming context passing the remainder ofthe name.

Return

Create the primary key string representing the object in the Name Spaceto be Found.

Drive findByPrimaryKeyString on the Binding home collection passing theprimary key string.

If the Binding object was found then

Return the bound_object attribute of the Binding object. This may eitherbe a leaf node object or a NamingContext object.

Else the findyPrimaryKey method did not find a Binding object.

Find the largest n such that a findByPrimaryKey on the Binding homecollection using the primary key for name =<c1;c2; . . . ,cn> issuccessful.

If the Binding for such an n could be found then

Obtain the bound-object attribute from the Binding object. Thisrepresents a NamingContext object.

Drive resolve on this NamingContext using name =<cn+1;cn+2, . . . ,cz>where cz is the last component in the original name.

Return the object reference returned from the resolve invocation.

Else no Binding could be found

Throw a NotFound exception.

As can be seen above, the approach described herein has no directinteractions with the backing directory on either the local or foreignsystem; it solely makes use of client-side interfaces that are definedto the object space of the component broker programming model. Specificuse is made of the instance management interfaces, as well as thosesupplied by the Naming Service and potentially any “hint” (i.e., matchedportion of the name) of the largest sub-portion of the name that can beresolved in one hop.

The disjunct binding was originally established as a result of abind_context invocation. One example of the logic associated with abind_context is as follows:

void bind_context (in Name name, in NamingContext nc)

raises (NotFound,

CannotProceed,

InvalidName

AlreadyBound);

If name is a compound name then

ctx=executing naming context→resolve (<c1;c2; . . . cn−1>) to find thetarget naming context to which the input context will be bound.

Invoke ctx→bind context (<cn>, nc) to invoke the bind_context on asimple name.

Return

Else name is a simple name

Build the primary key string of the new Binding.

Drive the Binding home factory by calling create FromPrimaryKeySring andpassing PrimaryKey.

If the NamingContext already exists Return the AlreadyBound exception.

Set the binding type (bt) attribute of the new Binding to ndcontext toindicate that this Binding object represents a disjunct binding.

Set the bound object attribute to the input naming context nc.

Return.

Described above is a technique for handling foreign naming contexts.Advantageously, multiple level names that include junctions to a foreignnaming context or alias can be resolved with a minimum number of hops.

In one aspect of the present invention, in order to facilitate efficientone hop name resolution, the contextually sensitive CORBA Name (i.e.,CosNaming::Name) of an object is mapped to that object's identity (e.g.,its primary key) and then, to an LDAP X.500 (as one example)distinguished name in a manner that is efficient, but also maintainsseparation between the CORBA object domain and the directory domain.

In particular, in one example, the CORBA name relative to the root ofthe server in which the object resides is used as the object primary keyof the name space object (e.g., binding or naming context). The objectprimary key is then used to determine the distinguished name of thedirectory entry that represents the object. Thus, the identity of thename space object is intimately tied with its name relative to the rootof the name space of the server where the object resides. The advantageof this approach is that it facilitates efficient one hop nameresolution, reduces the need for indirection, and eliminates the need tostore CORBA names as binding attributes.

One embodiment of the logic associated with mapping a CORBA name to adistinguished name to dispatch a method on the named object is describedwith references to FIG. 21. As one example, when a method is invoked ona name space object, a method request flows from a client (i.e., aninvoker) to the name server, STEP 2100. Included in this flow is areference (IOR) to the object on which the method is to be invoked (thisobject is referred to as the executing object). The reference includesthe object key of that target object. The ORB extracts the object keyout of the IOR and provides it to the container, STEP 2102. As part ofthe object instantiation process, the container creates a naming contextdata object and provides it with this key, STEP 2104. (As describedabove, the data object is responsible for the interactions with thedirectory.)

Subsequently, the data object extracts the CORBA name from the key, STEP2106. For example, an object key may have a format of “rootcontainer/binding home primary key/object primary key”, where a possiblevalue for the object primary key portion is “Y12A.Dept/JeffreyFrey.Programmer”. The data object extracts the object primary keyportion of the primary key to obtain a string form of the CORBA name ofthat object relative to the root of the server. With the above example,the string is “/Y12A.Dept/Jeffrey Frey.Programmer”.

The object primary key is then reversed and further manipulated to buildan LDAP distinguished name, which can be used by LDAP to locate thecorresponding directory entry, STEP 2108.

The following is one example of the resulting distinguished name usingthe CORBA Name from the previous step. LDAP Root is the location of thename space root in the underlying directory.

TypelessRDN=Jeffrey Frey. Programmer,

TypelessRDN=Y12A.Dept, TypelessRDN=/,<LDAP Root>

The data object then uses this distinguished name to retrieve the datain a single operation, STEP 2110. Thereafter, the remaining objectinstantiation processing is performed and the method dispatched, STEP2112.

By using the CORBA name as part of the object key, the object reference(i.e., the Interoperable Object Reference) contains the informationneeded to retrieve the object from the underlying directory (e.g., LDAPX.500). No metastate tables are required to map the object key to thedistinguished name. In addition, the underlying structure of thedirectory is representative of the structure of the name space. That is,name space objects need not use the directory in a flat manner with allname space objects bound under a single directory entry using somegenerated Name.

Described above is the instantiation of previously existing name spaceobjects. What is described next is the construction of primary keys forthe creation of new name space objects. As one example, abind_new_context(name) method results in the creation of a new namingcontext object bound in the name space using name “name” relative to theexecuting naming context. One embodiment of the logic associated withcreating a new primary key for new objects is described with referenceto FIG. 22.

Initially, the primary key of the currently executing naming context isobtained, STEP 2200. (This key is readily available, since the objectexists and has an identity). Thereafter, the primary key is converted toa CORBA name, STEP 2202.

Subsequent to obtaining the CORBA name, the input name “name” isappended to the CORBA name, STEP 2204. Thereafter, the resulting CORBAname is converted to an object key, Step 2206.

For example, assume that a new naming context under the name“/Y12A.Dept/Jeffrey Frey.Programmer/component Broker.Project” is to becreated. In order to create the new naming context, the bind new contextmethod is called on the currently executing naming context, whose nameis “/Y12A.Dept/Jeffrey Frey.Programmer”, in this example. The namepassed on the bind_new_context call is “Component Broker.Project”.Within this method, a primary key is created.

To create the primary key for the new naming context, the string from ofthe CORBA name of the currently executing naming context is extracted.At the point in the processing that the new key is being built, theprimary key of the currently executing naming context is “rootcontainer/Binding home primary key/object primary key”, where the valuefor the object primary key portion in the example is “/Y12A.Dept/JeffreyFrey.Programmer”.

Thereafter, the object primary key is extracted, which provides thestring form of the CORBA name of the object-relative to the root of theserver. As before, that string is: “/Y12A.Dept/Jeffrey Frey.Programmer”,in this example. Then, the name of the new binding relative to thecurrently executing naming context is concatenated to the CORBA name toyield a CORBA name string of “/Y12A.Dept/JeffreyFrey.Programmer/Component Broker.Project”. This string is then used asthe object key of the primary key of the new naming context that isbeing created, whose form is “root container/Binding home primaryKey/object primary key”. As a result of this approach, the structure ofthe object primary key in the object key contains all of the informationneeded to either construct an LDAP distinguished name or the string formof the CORBA name of the object relative to the root of the server.

A further example of the above is as follows. Assume a tree havinga/b/c/d/e/f. Further, assume that a resolve method is driven against anaming context designated by the simple name c, and that the objectbound relative to the naming context bound at name d/e/f is to belocated or created. Thus, the full identity of the naming context at thec position is a/b/c. Its real name in LDAP is, for instance,typelessRDN=c, typelessRDN=b, typeRDN=a. This LDAP name is used toretrieve the object associated with that name from the LDAP directory.The data object converts the LDAP name to its CORBA name, a/b/c. Then,/d/e/f is appended to the CORBA name, yielding a/b/c/d/e/f. The entireCORBA name is then converted to a new object key, as described above. Ata subsequent point, the new primary key is provided to a data object,which uses it to build a distinguished name. This distinguished name canthen be used to find or create an entry.

This new key can be used as input to, for instance, acreateFromPrimaryKeyString method to create the new naming contextobject and associate (or bind) it with the name space. As part of theprocessing to achieve this, the new key is provided to a data object,who creates the distinguished name and calls ldap_add.

In the next example, the new key is used to find an existing entry. Forexample, this same primary key construction approach can be used as partof a resolve method to locate an object bound in the name space in asingle hop. The resolve method is implemented in, for example, a namingcontext business object. (As described above, a business object containsthe primary application interfaces and algorithms). During resolve, thenew key is passed to the findByPrimaryKeyString which passes the key toa data object. This data object uses the key to build the distinguishedname and call ldap_search. One embodiment of a resolve method that usesthe primary key creation process is described below:

Object resolve (in Name name)

raises (NotFound,

CannotProceed,

InvalidName);

If the input name begins with ‘/’ or ‘\’ then

Invoke resolve_initial_references to obtain the Naming Service root.

Redrive the resolve on the root naming context passing the remainder ofthe name.

Return

Create the primary key string representing the object in the Name Spaceto be found by concatenating the input Name to the Corba Namerepresented in the primary key of the executing Naming Context.

Drive findByPrimaryKeyString on the Binding home collection passing theprimary key string.

If the Binding object was found then

Return the bound_object attribute of the Binding object. This may eitherbe a leaf node object or a NamingContext object.

The defining of name space object primary keys in the above mannerallows name resolution to be performed in a batch fashion. The name thatis the target of the search can be resolved in a single hop, even ifthat name represents an object that is several layers down in thedirectory hierarchy. This approach allows the underlying semantics andperformance characteristics of the underlying directory technology beexploited.

In accordance with one aspect of the present invention, multiple updatesto the name space are made atomically with one another, as well as withthe creation and update of application objects. For example, anapplication object, such as an insurance policy object, is atomicallycreated and bound into the name space. This maintains the overallintegrity of the name space. In one embodiment, atomic updates areprovided by the addition of transactional semantics in the name server.Transactional semantics for name space objects are achieved by makingname space objects managed objects. As managed objects, they inherit aset of qualities of service that include the transactionalcharacteristics. In conjunction with this, a local interface to adirectory service is supplied that propagates a transactional contextfrom the name server through, for instance, the LDAP directory andfinally to the resource manager.

To achieve transactional semantics on name space objects, multiplecomponents of a computing environment are used. These componentsinclude, for instance, an underlying resource recovery service (RRS)2300 (FIG. 23), which serves as a generalized two-phase commit manager;an object transaction service 2301, which is coupled to and works withRRS; a resource manager 2302 (e.g., a database subsystem), whichexploits the RRS protocols; LDAP services 2304, which exploits the RRSprotocols to create a local backend 2305, which is coupled to resourcemanager 2302; and a server infrastructure 2306, including an objectrequest broker 2308 and a container 2312.

These components are brought together by the name server through use ofthe component broker managed object framework as the programming modeland the use of the LDAP local backend as the directory service used asthe backing store for naming objects.

By using the managed object framework, the name server supports a set ofarchitected interfaces that allows the container to manage thetransaction. These interfaces include those used for the businessobject, which includes the application logic for implementing the clientlevel interfaces; and the data object, which is responsible forinteractions with the backing store, in this case, the LDAP localbackend.

The LDAP local backend allows the LDAP server functions to execute underthe same unit of work that invoked the associated LDAP client function.By doing so, RRS context information can be propagated from the nameserver, across LDAP, and into, for instance, the DB2 database. Furtherdetails of LDAP local backend 2305 are described below.

In particular, in accordance with one aspect of the present invention,the LDAP server code is allowed to run locally to the LDAP client code.Thus, the client code and server code are packaged together withmodifications that allow the network flows to be by-passed.

For example, the ORB establishes a transactional context. Thereafter,the naming data object receives control and invokes LDAP interfaces,such as LDAP client interface code and LDAP server code (which reside onthe same server). Then, DB2, for instance, retrieves the transactionalcontext.

In this arrangement, a caller such as the naming data object calls theLDAP client interface code. The client interface code then directlycalls the LDAP server code without going outbound on the network. Thus,the naming data object, the LDAP client code, the LDAP server code, andthe invocation to DB2 end up running under the same unit of work. DB2 istherefore able to access the transactional context that was establishedby the ORB prior to the LDAP client code being invoked. (LDAP is furtherdescribed in “LDAP. Server Administration and Usage Guide,” IBMPublication No. SC24-5861-00 (Jan. 1998), and at DS.INTERNIC.NET RFC1777, which are hereby incorporated herein by reference in theirentirety.)

Certain details of how a transactional name server is defined andoperated is described below with reference to various logic flows. Asone example, the control flow associated with creating an object in atransactional environment is described with reference to FIG. 24. Thisexample is from the perspective of a naming object (e.g., a namingcontext or a binding). Further, in this example, a new naming contextobject is being created through the bind_new_context method describedherein.

Initially, a transaction begins, when, for instance, a client performs abind_new_context invocation, STEP 2400. The container is activated andthe transaction context is attached to the thread of execution. As partof the container activation, two connection objects are initialized. Onesets up the connection with, for instance, an LDAP resources manager bycalling ldap_open and ldap_bind. As a result of these calls, a handle isprovided that will be used by the data object for its futureinteractions with LDAP. The second connection object that is initializedis the one for RRSAF, which proceeds, as previously described herein.Through this, the environment is set up that allows interactions withthe name server to be performed under a transactional scope. DB2 canpick up the transactional context that the ORB attached to the thread ofexecution. LDAP manages the DB2 data per the requests made by the namingcontext data object. Once all of this is set up, the bind-new-contextmethod is dispatched on the currently executing naming context. Itbuilds an object key for the new naming context, as previously describedherein. It then invokes createByPrimaryKeyString against the NamingContext home to cause the new object to be created. As part of thisprocessing, the new data object is created, STEP 2402.

Additionally, a business object is created and associated with the dataobject, STEP 2404. As one example, the association is performed bycalling inItForCreation. Default attributes are copied from the dataobject to the business object.

Subsequent to creating the data and business objects, the transaction iscommitted, STEP 2406. During the commit, an insertToDataStore method iscalled on the data object, which causes a new directory entry (e.g., anLDAP directory record) associated with the internalized key to becreated, STEP 2408. In particular, when the transaction is committed,the insertToDataStore invokes the services of the LDAP directory serviceto create the new directory entry. That is an ldap add, in this example.LDAP performs the appropriate manipulations of the underlying DB2database in order to create the entry. Because the data object, LDAP,and eventual DB2 calls are all running under the same thread ofexecution, and therefore, under the same transactional context, thismodification to the name space is associated with a specifictransaction.

After creating an object, the object can be retrieved. Some of thecontrol flow associated with retrieving an existing object is similar tothe flow for creating an object, and thus, reference is made to theabove discussion, as well as to the same figure, FIG. 24. In oneexample, the retrieve flow takes place as part of activating an existingnaming context.

Initially, a transaction begins, STEP 2400. A data object is created,STEP 2402, as well as the business object, as described above. Thebusiness object is associated with the data object, STEP 2404. In thisinstance, the business object is associated with the data object bycalling initForReactivation.

Thereafter, the data is retrieved. In this instance,retrieveFromDataStore is called on the data object, which causes thedata object to drive an ldap_search, and LDAP, in turn, interacts withDB2 to obtain the data.

Once the object is retrieved, it can be updated. For example, an updatemay be that a bind modified a binding to point to a differentapplication object. One embodiment of the control flow associated withupdating an object once it has been inserted or retrieved is describedwith reference to FIG. 25. The scenario for update is similar to thosedescribed above.

Initially, a client (i.e., an invoker) updates one or more attributes ofthe business object, STEP 2500. Thereafter, the transaction commits,STEP 2502. As part of the commit process, pre-prepare causesinitForPassivation to be called on the business object, thereby flowingthe business object attributes to the data object, STEP 2504.

Further, during the commit process, the attributes are passed to theLDAP directory using updateToDataStore, STEP 2506. UpdateToDataStoreinvokes LDAP, which in turn, interacts with DB2. For example, LDAPstores the attributes in a data store of a resource manager, such asDB2, STEP 2508.

After the attributes are stored, the business object and data object aredeleted from memory, STEP 2510, and DB2 receives a prepare and commitflow, STEP 2512. This concludes updating an object in a transactionalname server.

One embodiment of the control flow associated with deleting an object,once it has been inserted or retrieved is described with reference toFIG. 26. Initially, a client drives a remove method against an object,STEP 2600, and the transaction commits, STEP 2602. As part of commit,uninitForDestruction is called on the business object in order to deletethe object, STEP 2604. Additionally, the LDAP directory entry andassociated DB2 data is deleted via deleteFromDataStore, which is calledon the data object, STEP 2606. In one example, the data object usesldap_delete( ) to perform the deletion. Further, the business object anddata object are deleted from memory, STEP 2608, and DB2 receives aprepare and commit flow, STEP 2610.

In each of the above control flows, there is a transactional contextthat is flowing. One embodiment of how the transactional context flowsduring the above-described control flows is described with reference toFIG. 27.

Initially, a client (i.e., an invoker) creates a transaction and thetransaction context flows with its interaction with the name server,STEP 2700. That is, the client performs a begin_tran and thetransactional context flows as part of the method invocation, asdescribed herein. The transaction context is established in the nameserver and associated with the business object and data object pair,STEP 2702.

Thereafter, the transactional context is retrieved by DB2 for updates toDB2 tables, STEP 2704. DB2 is able to retrieve the transactional contextby virtue of running under the same unit of work that owns the businessobject/data object pair.

With the capabilities described above, multiple naming contexts andapplication objects can be manipulated in one or more server instancesatomically. Take the following example:

1) Begin a transaction;

2) Create a naming context A;

3) Create an application object B;

4) Create an application object C;

5) Bind application object B under naming context A;

6) Bind application object c under naming context A;

7) Commit or roll back the transaction.

Since the scope of an object's life in memory is associated with thescope of the transaction, server replication becomes possible. An objectthat is active within a given server is locked. As such, any replicatedserver cannot access it until those locks are released.

Described in detail above is a transactional name server that providesfor multiple atomic updates to a name space. A transactional name serveradvantageously makes possible server replication which improvesavailability and performance characteristics of the server. Inaccordance with this aspect of the present invention, component brokermechanisms are used in conjunction with a particular implementation ofLDAP to allow the data object, LDAP and the DB2 calls to run under thesame unit of work. This makes modifications to the name spacetransactional. As described above, this could involve retrievingbindings or naming contexts, creating new ones, or modifying existingones. This has lead to various enhancements. For example, wheninitializing the name space, entire segments of the name space can bebuilt under the scope of a single transaction. As a result of this, whencommit is performed, either all of the changes take place or none ofthem take place. This eliminates the possibility of creating partialname spaces with inconsistent states should processing terminateprematurely. Furthermore, a transactional name space allows applicationobjects to be created and their references registered in the name spaceunder the scope of a single transaction. This avoids scenarios whereprocessing is interrupted between object create and name spaceregistration, which would result in orphaned objects.

As described in detail above, a name space is provided, which managesnaming context objects. In one aspect of the present invention, a namespace 2800 (FIG. 28) also includes a repository, such as a Life CycleRepository (LCR) 2802. The Life Cycle Repository is located within, forinstance, a private portion of the name space, and includes a set offactories.

Factories provide a client (i.e., an invoker, a user) with specializedoperations to create and initialize new object instances. AGenericFactory interface is defined by the Life Cycle Service. The LifeCycle Service is an OMG architected set of services that defineconventions for creating, deleting, copying, and moving objects. Theseservices allow remote clients to perform life cycle operations onobjects in different locations. The GenericFactory serves as a creationservice and provides a generic operation for object creation. To createan object in such a way, a client uses an object reference to a factory.The client can obtain the factory object reference through use of theNaming Services or through the use of a Life Cycle FactoryFinderservice, described below. In addition, clients may be passed factoryobjects as parameters.

A client that wishes to delete an object issues a remove operation. Todelete an object in such a way, that object is to support theLifeCycleobject interface. The LifeCycleObject interface also supportsmove and copy operations. The move and copy operations are passed anobject reference to a FactoryFinder. The client is thereby specifying tomove or copy the object using a factory within the scope of theFactoryFinder.

FactoryFinders support the find_factories operation, which returns asequence of factories that meet the specified characteristics. The setof factories against which the FactoryFinder performs its search iscontained in the Life Cycle Repository.

An object may support multiple interfaces according to its inheritancehierarchy. As depicted in FIG. 29, an inheritance relationship 2900 isshown among various interfaces A-E. An object implementation 2902 issupplied for interface E (shaded area). Instances of that implementationsupport all of the interfaces A-E. The problem to be solved then is howto allow a client to locate a factory that produces instances ofimplementation E, when that client may be using any of interfaces A-E asthe criteria for finding that factory. For example, the client may passthe name of interface A to the FactoryFinder and expect to receive oneor more factories that support that interface. The factory forimplementation E is to be included among those returned. Furthermore,the factory for implementation E is to be returned when the clientpasses the name of any of the interfaces A-E to the FactoryFinder.

In accordance with one aspect of the present invention, in order tolocate a factory that produces instances of an implementation of aparticular object (e.g., object E), interface names are registered forthe factory of implementation E within the Life Cycle Repository.

One embodiment of the logic associated with registering multipleinterfaces for the factory of implementation E is described withreference to FIG. 30. Initially, a transaction is begun for performingthe registrations, STEP 3000. Within the transactional unit of work, thefactory for implementation E, in this example, is registered underinterface Name A, STEP 3002. In particular, the factory object is boundin the name space under Name A.

Additionally, the factory for implementation E is registered underinterface names B, C, D and E, STEPS 3004-3010. Thereafter, thetransaction is committed, STEP 3012. (In other examples, there may bemore or less interfaces. The above is only one example.)

By using the above procedure, all of the interface names associated withthe factory for a particular implementation (e.g., implementation E) areregistered in the Life Cycle Repository. This allows a factory thatproduces instances of a particular implementation to be located nomatter which interface is used as the criteria for finding the factory.

For example, assume that there is a factory that builds employee objectsand another factory that builds person objects. Further, assume that alist of all factories that build people is desired. In accordance withthis aspect of the present invention, the list includes the employeefactory, since employees are people, as well as the person factory.

As described above, a server system includes one or more serverinstances used to manage various objects. Further details regarding aserver instance is described herein. In particular, in accordance withone aspect of the present invention, a server instance is provided thatoffers integrity (i.e., reliability), application isolation betweenprivileged and non-privileged applications, enhanced transactionrecovery time (i.e., restart/recovery calability), and effectiveworkload management. One embodiment of such a server instance isdescribed with reference to FIG. 31.

In one aspect of the present invention, a server instance 3100 includes,for example, one or more control regions 3102 and one or more serverregions 3104. Control region 3102 is an address space (separate andapart from the one or more server region address spaces), which executesin privileged mode. It does not provide a residence for any user writtenapplication code, but does provide various control functions, which areprotected from the applications running in the one or more serverregions. One control function provided in the control region includes,for example, the processing of security credentials. Most of the statedata required to map security and transactional context for an inboundrequest is managed within the control region.

As one example, control region 3102 includes an ORB 3106, whichcommunicates with clients, such as a client 3108; and is coupled to OTS3110, RRS 3112 and workload manager 3114.

A server region 3104 is an address space that is used to executenon-privileged application code. It is the home for one or morecontainers 3116; one or more business objects 3118; and one or more dataobjects 3120, which communicate with at least one resource manager 3121.Additionally, server region 3104 includes an ORB 3122, whichcommunicates with ORB 3106 of the control region, and is coupled to OTS3124, RRS 3126 and workload manager 3128. This is where applicationprocessing takes place. A server region can be replicated to provideworkload balancing.

Although ORB 3106 and 3122 are shown separately, they are logically oneORB, since they are located within the same server instance. Similarly,OTS 3110 and OTS 3124 are logically the same, as well as RRS 3112 andRRS 3126; and WLM 3114 and WLM 3128.

The separation of privileged and non-privileged is functions intoseparate address spaces within a server instance provides integrity andisolation, not provided by the conventional single address space serverinstance. In particular, in a single address space structure containingboth a runtime component and an execution space for businessapplications, the levels of integrity and isolation required byenterprise class applications are not provided. In such an executionspace, it is not unusual for errant or misbehaved application code tomodify the state of the runtime in such a way as to cause eitherintegrity exposures or failure of the server. Examples of criticalruntime state include shared dispatch queues, security contexts,transactional contexts, workload management contexts, and other runtimestate required for the management and execution of the applicationserver. In the case of andling security contexts, the problem ofexposing security related data in the same domain in which theapplication is running, where the possibility of modification of thestate data exists, represents a significant security exposure in thesystem.

Further, typical single process server structures allow the schedulingof multiple users executing under multiple transactions to be dispatchedinto the same virtual memory space on multiple threads of execution.This approach results in an environment where an application runningunder one transaction can affect the state of an application runningunder a different transaction, thereby violating the transactionalprinciple of isolation.

However, in accordance with one aspect of the present invention, aserver instance can be configured with one of two dispatching policies.The first, allows a given backend server region to accept multipleclient requests, running in multiple transactional units of work, one oneach thread of execution within the multi-threaded server region. Thispolicy is referred to as “CICS like”, since it most closely representsthe type of dispatching performed within the CICS system. With this typeof dispatching policy, no transaction application to applicationisolation is provided, since more than one transaction may be runningwithin the server region address space at the same time.

The second option for dispatching policy restricts the scheduling ofwork to any given server region so that at any given point in time,there is at most one user, running in one transactional unit of workwithin the server region. This policy option is referred to as “IMSlike” scheduling. This second option, although more consuming ofphysical address spaces, offers the desired transactional isolation andintegrity.

Another flaw with single address space server instances is poortransaction recovery time. If the distributed application serverprovides the capability of managing work under a transactional unit ofrecovery, then the server is also obligated to provide well knownrecovery actions in the case of failure. One of the pieces of recoveryafter server failure is the re-establishment of the distributedcommunication channels that were in operation at the time of failure.This recovery action is used to determine whether or not any furtherrecovery action is necessary or desired. In addition, the transactionlog which provides information regarding the state of the transaction inthe server at time of failure is read. This log is typically tied to theserver address space that failed. This means that each and every addressspace is to be restarted, replay its transaction log, and then determinewhether further action is required. As the number of server addressspaces increase in the system, restart time becomes an inhibitor to theefficient and responsive recovery of the system.

However, in accordance with the server structure of this aspect of thepresent invention, the recoverable resources reside either in backendresource managers such as DB2, or in the control region. There are noresources in the server region that need to participate in transactionalrecovery. This means that the server regions do not have to be restartedand participate in recovery after a system failure. Since therecoverable object-oriented resources are associated with the controlregion, only the control region needs to be restarted after a failure,significantly improving restart time and scalability.

In many systems, such as the MVS system offered by InternationalBusiness Machines Corporation, (Armonk, N.Y.), workload managementdecisions with respect to dispatching priority, memory management, I/Opriority queue management, etc. are performed at the address spacelevel. The address space is a convenient home under which theseresources can be managed at the appropriate granularity. If a singleaddress space is used to service work under a multiple and diverse setof performance classes, then an undesirable averaging of the workloadmanagement policies may result, since workload management is makingadjustments at the address space level for all of the work running inthat address space. Thus, in accordance with one aspect of the presentinvention, multiple workload management queues 3130 are used by workloadmanager 3114 to balance the workload of the server regions. For example,the workload manager may group work with similar performance goals oneach of the queues and cause the dispatch of that work into a givenserver region or regions. In particular, when a server region is able toaccept work, the ORB of that region pulls a piece of work from itsrespective queue into the region to be processed.

With the above approach, the workload manager effectively partitionsdifferent classes of work across different physical address spaces, sothat the undesirable averaging of performance goal management does notoccur, as in a single address space system. Further, with the aboveapproach, the workload manager can dynamically expand and/or contractthe number of server regions based on workload management criteria, suchas those listed above.

In the above described implementation of a server instance, if abusiness object of one of the regions wants to communicate with abusiness object of another server instance, the business object flows anoutbound object request, which proceeds from ORB 3122 to ORB 3106 acrossa link. In one example, the link is based on OS/390 cross-memoryfacilities described in detail in “Enterprise Systems Architecture/390Principles of Operation,” IBM Publication No. SA22-7201-05 (Sept. 1998),which is hereby incorporated herein by reference in its entirety. ORB3106 then communicates with the target server.

Described in detail above are aspects of the present invention, whichprovide an object-oriented computing environment that is reliable,secure, transactional and workload managed.

The present invention can be included in an article of manufacture(e.g., one or more computer program products) having, for instance,computer usable media. The media has embodied therein, for instance,computer readable program code means for providing and facilitating thecapabilities of the present invention. The article of manufacture can beincluded as a part of a computer system or sold separately.

Additionally, at least one program storage device readable by a machine,tangibly embodying at least one program of instructions executable bythe machine to perform the capabilities of the present invention can beprovided.

The flow diagrams depicted herein are just exemplary. There may be manyvariations to these diagrams or the steps (or operations) describedtherein without departing from the spirit of the invention. Forinstance, the steps may be performed in a differing order, or steps maybe added, deleted or modified. All of these variations are considered apart of the claimed invention.

Although preferred embodiments have been depicted and described indetail herein, it will be apparent to those skilled in the relevant artthat various modifications, additions, substitutions and the like can bemade without departing from the spirit of the invention and these aretherefore considered to be within the scope of the invention as definedin the following claims.

What is claimed is:
 1. A method of constructing a server instance of acomputing environment, said method comprising: providing a first regionof said server instance in a first address space, said first regionbeing used to perform one or more privileged functions, and wherein saidserver instance supports object-oriented technology; and providing asecond region of said server instance in a second address space, saidsecond region being used to perform one or more non-privilegedfunctions, wherein said privileged functions and said non-privilegedfunctions are different, and wherein said first address space and saidsecond address space are separate.
 2. The method of claim 1, whereinsaid first region comprises at least a portion of an object requestbroker, said portion usable in communicating with one or more clientscoupled to said server instance.
 3. The method of claim 2, wherein saidsecond region comprises at least another portion of said object requestbroker, said at least another portion performing different capabilitiesthan said at least a portion.
 4. The method of claim 1, wherein saidproviding said second region comprises providing a plurality of secondregions.
 5. The method of claim 4, wherein said plurality of secondregions are replicas of one another.
 6. The method of claim 4, furthercomprising balancing workload among said plurality of second regionsusing a workload manager coupled to one or more of said plurality ofsecond regions.
 7. The method of claim 6, wherein said workload manageruses one or more queues in balancing said workload.
 8. The method ofclaim 1, further comprising dynamically providing one or more additionalsecond regions.
 9. The method of claim 8, wherein said dynamicallyproviding is based on one or more workload management criteria.
 10. Themethod of claim 8, further comprising dynamically removing one or moresecond regions.
 11. The method of claim 10, wherein said dynamicallyremoving is based on one or more workload management criteria.
 12. Themethod of claim 1, wherein said providing said first region comprisesproviding a plurality of first regions.
 13. The method of claim 1,wherein said one or more privileged functions includes at least one ofclient communications and security control.
 14. A server instance of acomputing environment, said server instance comprising: a first regionin a first address space being used to perform one or more privilegedfunctions, and wherein said server instance supports object-orientedtechnology; and a second region in a second address space being used toperform one or more non-privileged functions, wherein said privilegedfunctions and said non-privileged functions are different, and whereinsaid first address space and said second address space are separate. 15.The server instance of claim 14, wherein said first region comprises atleast a portion of an object request broker, said portion usable incommunicating with one or more clients coupled to said server instance.16. The server instance of claim 15, wherein said second regioncomprises at least another portion of said object request broker, saidat least another portion performing different capabilities than said atleast a portion.
 17. The server instance of claim 14, further comprisinga plurality of second regions.
 18. The server instance of claim 17,wherein said plurality of second regions are replicas of one another.19. The server instance of claim 17, further comprising a workloadmanager coupled to said server instance, wherein said workload manageris coupled to one or more of said plurality of second regions to balanceworkload among said plurality of second regions.
 20. The system of claim19, wherein said workload manager uses one or more queues in balancingsaid workload.
 21. The server instance of claim 14, further comprising aplurality of first regions.
 22. The server instance of claim 14, whereinsaid one or more privileged functions includes at least one of clientcommunications and security control.
 23. A system of constructing aserver instance of a computing environment, said system comprising:means or providing a first region of said server instance in a firstaddress space, said first region being used to perform one or moreprivileged functions, and wherein said server instance supportsobject-oriented technology; and means for providing a second region ofsaid server instance in a second address space, said second region beingused to perform one or more non-privileged functions, wherein saidprivileged functions and said non-privileged functions are different,and wherein said first address space and said second address space areseparate.
 24. The system of claim 23, further comprising means fordynamically providing one or more additional second regions.
 25. Thesystem of claim 24, wherein said dynamically providing is based on oneor more workload management criteria.
 26. The system of claim 24,further comprising means for dynamically removing one or more secondregions.
 27. The system of claim 26, wherein said dynamically removingis based on one or more workload management criteria.
 28. An article ofmanufacture, comprising: at least one computer usable medium havingcomputer readable program code means embodied therein for causing theconstructing of a server instance of a computing environment, thecomputer readable program code means in said article of manufacturecomprising; computer readable program code means for causing a computerto provide a first region of said server instance in a first addressspace, said first region being used to perform one or more privilegedfunctions, and wherein said server instance supports object-orientedtechnology; and computer readable program code means for causing acomputer to provide a second region of said server instance in a secondaddress space, said second region being used to perform one or morenon-privileged functions, wherein said privileged functions and saidnon-privileged functions are different, and wherein said first addressspace and said second address space are separate.
 29. The article ofmanufacture of claim 28, wherein said first region comprises at least aportion of an object request broker, said portion usable incommunicating with one or more clients coupled to said server instance.30. The article of manufacture of claim 29, wherein said second regioncomprises at least another portion of said object request broker, saidat least another portion performing different capabilities than said atleast a portion.
 31. The article of manufacture of claim 28, whereinsaid computer readable program code means for causing a computer toprovide said second region comprises computer readable program codemeans for causing a computer to provide a plurality of second regions.32. The article of manufacture of claim 31, wherein said plurality ofsecond regions are replicas of one another.
 33. The article ofmanufacture of claim 31, further comprising computer readable programcode means for causing a computer to balance workload among saidplurality of second regions using a workload manager coupled to one ormore of said plurality of second regions.
 34. The article of manufactureof claim 33, wherein said workload manager uses one or more queues inbalancing said workload.
 35. The article of manufacture of claim 28,further comprising computer readable program code means for causing acomputer to dynamically provide one or more additional second regions.36. The article of manufacture of claim 35, wherein said computerreadable program code means for causing a computer to dynamicallyprovide is based on one or more workload management criteria.
 37. Thearticle of manufacture of claim 35, further comprising computer readableprogram code means for causing a computer to dynamically remove one ormore second regions.
 38. The article of manufacture of claim 37, whereinsaid computer readable program code means for causing a computer todynamically remove is based on one or more workload management criteria.39. The article of manufacture of claim 29, wherein said computerreadable program code means for causing a computer to provide said firstregion comprises computer readable program code means for causing acomputer to provide a plurality of first regions.
 40. The article ofmanufacture of claim 28, wherein said one or more privileged functionsincludes at least one of client communications and security control.